CVE-2023-46750

CVE-2023-46750: Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro.

Vendor: Apache Software Foundation
Product: Apache Shiro
Weakness: CWE-601 · Open redirect
Published: December 14, 2023
Last update: November 3, 2025

CVSS base score

What the vulnerability does

Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

Key dates

Disclosure timeline

December 14, 2023: CVE published
November 3, 2025: Record updated