CVE-2021-41303

CVE-2021-41303: Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass

Vendor Apache Software Foundation

Product Apache Shiro

Weakness CWE-287 · Improper authentication

Published September 17, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

Key dates

Disclosure timeline

September 17, 2021 CVE published

August 4, 2024 Record updated