Bug#955018: shiro: CVE-2020-1957
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 26 20:38:18 GMT 2020
Source: shiro
Version: 1.3.2-4
Severity: important
Tags: security upstream
Control: found -1 1.3.2-1

Hi,

The following vulnerability was published for shiro.

CVE-2020-1957[0]:
| Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic
| controllers, a specially crafted request may cause an authentication
| bypass.

There is no reference to upstream issues or fixes, can you check?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-1957
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1957
[1] https://www.openwall.com/lists/oss-security/2020/03/23/2

Regards,
Salvatore