CVE-2022-40664

CVE-2022-40664: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher

Vendor Apache Software Foundation
Product Apache Shiro
Weakness CWE-287 · Improper authentication
Published October 12, 2022
Last update May 15, 2025

CVSS base score

What the vulnerability does

01Description

Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.

Key dates

02Disclosure timeline

October 12, 2022 CVE published
May 15, 2025 Record updated