You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@shiro.apache.org by bd...@apache.org on 2020/08/17 17:19:10 UTC

[shiro-site] branch master updated: Update sec report on shiro site

This is an automated email from the ASF dual-hosted git repository.

bdemers pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shiro-site.git


The following commit(s) were added to refs/heads/master by this push:
     new f38a2b2  Update sec report on shiro site
f38a2b2 is described below

commit f38a2b29f78aacbcaaf37b02d31a55db9f3be12a
Author: Brian Demers <bd...@apache.org>
AuthorDate: Mon Aug 17 13:18:59 2020 -0400

    Update sec report on shiro site
---
 security-reports.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/security-reports.md b/security-reports.md
index bc75c9c..4e5c0d6 100644
--- a/security-reports.md
+++ b/security-reports.md
@@ -25,6 +25,9 @@ A [more detailed description of the process](http://www.apache.org/security/comm
 Apache Shiro Vulnerability Reports
 ----------------------------------
 
+###[CVE-2020-13933](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13933)
+Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
+
 ###[CVE-2020-11989](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11989)
 Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.