You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Brian Demers <bd...@apache.org> on 2020/06/22 14:39:44 UTC

[Announce] CVE-2020-11989: Authentication Bypass by Primary Weakness

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic
controllers, a specially crafted request may cause an authentication bypass.

This issue was independently discovered by two different researchers:
* Ruilin Yang of Tencent Security Xuanwu Lab
* 淚笑 (leixiao)