Your submission was sent successfully! Close

CVE-2020-11989

Published: 22 June 2020

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
shiro
Launchpad, Ubuntu, Debian
bionic
Released (1.3.2-3~18.04.1)
eoan Ignored
(reached end-of-life)
focal
Released (1.3.2-4ubuntu0.1)
groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Needs triage

jammy Needs triage

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needs-triage)