CVE-2020-17523

Critical

Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

apache·CWE-287·Published 2021-02-03

CVSS

9.8

EPSS

0.86

KEV

Exploits

cve.orgen

132 chars

Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

NVDen

132 chars

Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

GHSAen

132 chars

Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.

NVDes

164 chars

Apache Shiro versiones anteriores a 1.7.1, cuando se usa Apache Shiro con Spring, una petición HTTP especialmente diseñada puede causar una omisión de autenticación

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	9.0	10.0	8.5	AV:N/AC:L/Au:N/C:P/I:P/A:C
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	GHSA	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H