CVE-2020-11989

Summary

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache ShiroApache Shiro 1.5.2 - 1.5.3affected

Weaknesses

  • Authentication Bypass by Primary Weakness

ADP Enrichment

CVE Program Container

Additional References

References