-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2020-11989 (Critical) detected in shiro-web-1.5.1.jar #11
Comments
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory. |
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory. |
ℹ️ This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory. |
CVE-2020-11989 - Critical Severity Vulnerability
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
Library home page: https://shiro.apache.org/
Path to dependency file: /server/dist/pom.xml
Path to vulnerable library: /server/dist/pom.xml,/server/impl/pom.xml
Dependency Hierarchy:
Found in HEAD commit: 5478aeeda738bb625d7a100be550b55df120b611
Found in base branch: master
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Publish Date: 2020-06-22
URL: CVE-2020-11989
Base Score Metrics:
Type: Upgrade version
Origin: https://issues.apache.org/jira/browse/SHIRO-753
Release Date: 2020-06-22
Fix Resolution: 1.5.3
⛑️ Automatic Remediation will be attempted for this issue.
The text was updated successfully, but these errors were encountered: