Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.shiro/shiro-all@1.2.6
Type maven
Namespace org.apache.shiro
Name shiro-all
Version 1.2.6
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.12.0
Latest_non_vulnerable_version 1.13.0
Affected_by_vulnerabilities
0
url VCID-2c97-ktjp-8qfr
vulnerability_id VCID-2c97-ktjp-8qfr
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6802.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6802.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6802
reference_id
reference_type
scores
0
value 0.13506
scoring_system epss
scoring_elements 0.94378
published_at 2026-06-11T12:55:00Z
1
value 0.13506
scoring_system epss
scoring_elements 0.94398
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6802
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6802
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6802
3
reference_url https://github.com/apache/shiro/commit/b15ab927709ca18ea4a02538be01919a19ab65af
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/shiro/commit/b15ab927709ca18ea4a02538be01919a19ab65af
4
reference_url https://issues.apache.org/jira/browse/SHIRO-584
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SHIRO-584
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6802
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-6802
6
reference_url https://packetstormsecurity.com/files/138709/Apache-Shiro-Filter-Bypass.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://packetstormsecurity.com/files/138709/Apache-Shiro-Filter-Bypass.html
7
reference_url https://shiro.apache.org/news.html#1.3.2-released
reference_id
reference_type
scores
url https://shiro.apache.org/news.html#1.3.2-released
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1375884
reference_id 1375884
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1375884
9
reference_url https://github.com/advisories/GHSA-4q2v-j639-cp7p
reference_id GHSA-4q2v-j639-cp7p
reference_type
scores
url https://github.com/advisories/GHSA-4q2v-j639-cp7p
10
reference_url https://usn.ubuntu.com/7147-1/
reference_id USN-7147-1
reference_type
scores
url https://usn.ubuntu.com/7147-1/
fixed_packages
0
url pkg:maven/org.apache.shiro/shiro-all@1.3.2
purl pkg:maven/org.apache.shiro/shiro-all@1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ptn-74xe-yfhw
1
vulnerability VCID-5h1h-hvym-gqfk
2
vulnerability VCID-5mgd-9nh4-vqgj
3
vulnerability VCID-5wgz-u8kr-83am
4
vulnerability VCID-7vas-4jdq-pybe
5
vulnerability VCID-mn2c-tb5g-rfd4
6
vulnerability VCID-nq23-xpnc-6uad
7
vulnerability VCID-rjrz-ymyq-ffhg
8
vulnerability VCID-yd8z-7uf8-1baq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.shiro/shiro-all@1.3.2
aliases CVE-2016-6802, GHSA-4q2v-j639-cp7p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2c97-ktjp-8qfr
1
url VCID-3ptn-74xe-yfhw
vulnerability_id VCID-3ptn-74xe-yfhw
summary Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1957.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1957.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1957
reference_id
reference_type
scores
0
value 0.88599
scoring_system epss
scoring_elements 0.99527
published_at 2026-06-11T12:55:00Z
1
value 0.88599
scoring_system epss
scoring_elements 0.99529
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1957
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1957
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1957
3
reference_url https://github.com/apache/shiro
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/shiro
4
reference_url https://lists.apache.org/thread.html/r17f371fc89d34df2d0c8131473fbc68154290e1be238895648f5a1e6%40%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r17f371fc89d34df2d0c8131473fbc68154290e1be238895648f5a1e6%40%3Cdev.shiro.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040@%3Ccommits.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040@%3Ccommits.shiro.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rab1972d6b177f7b5c3dde9cfb0a40f03bca75f0eaf1d8311e5762cb3@%3Ccommits.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rab1972d6b177f7b5c3dde9cfb0a40f03bca75f0eaf1d8311e5762cb3@%3Ccommits.shiro.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/rb3982edf8bc8fcaa7a308e25a12d294fb4aac1f1e9d4e14fda639e77@%3Cdev.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb3982edf8bc8fcaa7a308e25a12d294fb4aac1f1e9d4e14fda639e77@%3Cdev.geode.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rc64fb2336683feff3580c3c3a8b28e80525077621089641f2f386b63@%3Ccommits.camel.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc64fb2336683feff3580c3c3a8b28e80525077621089641f2f386b63@%3Ccommits.camel.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rc8b39ea8b3ef71ddc1cd74ffc866546182683c8adecf19c263fe7ac0@%3Ccommits.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc8b39ea8b3ef71ddc1cd74ffc866546182683c8adecf19c263fe7ac0@%3Ccommits.shiro.apache.org%3E
10
reference_url https://lists.debian.org/debian-lts-announce/2020/04/msg00014.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/04/msg00014.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1957
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1957
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1829281
reference_id 1829281
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1829281
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955018
reference_id 955018
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955018
14
reference_url https://github.com/advisories/GHSA-26gr-cvq3-qxgf
reference_id GHSA-26gr-cvq3-qxgf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-26gr-cvq3-qxgf
15
reference_url https://usn.ubuntu.com/4740-1/
reference_id USN-4740-1
reference_type
scores
url https://usn.ubuntu.com/4740-1/
fixed_packages
0
url pkg:maven/org.apache.shiro/shiro-all@1.5.2
purl pkg:maven/org.apache.shiro/shiro-all@1.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5h1h-hvym-gqfk
1
vulnerability VCID-5mgd-9nh4-vqgj
2
vulnerability VCID-5wgz-u8kr-83am
3
vulnerability VCID-7vas-4jdq-pybe
4
vulnerability VCID-mn2c-tb5g-rfd4
5
vulnerability VCID-nq23-xpnc-6uad
6
vulnerability VCID-yd8z-7uf8-1baq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.shiro/shiro-all@1.5.2
aliases CVE-2020-1957, GHSA-26gr-cvq3-qxgf
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ptn-74xe-yfhw
2
url VCID-5h1h-hvym-gqfk
vulnerability_id VCID-5h1h-hvym-gqfk
summary Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17510.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17510.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-17510
reference_id
reference_type
scores
0
value 0.01799
scoring_system epss
scoring_elements 0.83189
published_at 2026-06-11T12:55:00Z
1
value 0.01799
scoring_system epss
scoring_elements 0.8325
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-17510
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17510
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17510
3
reference_url https://github.com/apache/shiro
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/shiro
4
reference_url https://github.com/apache/shiro/commit/dc194fc977ab6cfbf3c1ecb085e2bac5db14af6d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/shiro/commit/dc194fc977ab6cfbf3c1ecb085e2bac5db14af6d
5
reference_url https://lists.apache.org/thread.html/r575301804bfac87a064359cf4b4ae9d514f2d10db7d44120765f4129@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r575301804bfac87a064359cf4b4ae9d514f2d10db7d44120765f4129@%3Cdev.shiro.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r70098e336d02047ce4d4e69293fe8d558cd68cde06f6430398959bc4@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r70098e336d02047ce4d4e69293fe8d558cd68cde06f6430398959bc4@%3Cdev.shiro.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r70b907ccb306e9391145e2b10f56cc6914a245f91720a17a486c020a@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r70b907ccb306e9391145e2b10f56cc6914a245f91720a17a486c020a@%3Cdev.shiro.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac@%3Cdev.shiro.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r95bdf3703858b5f958b5e190d747421771b430d97095880db91980d6@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r95bdf3703858b5f958b5e190d747421771b430d97095880db91980d6@%3Cannounce.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d@%3Cdev.shiro.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rb47d88af224e396ee34ffb88ee99fb6d04510de5722cf14b7137e6bc@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb47d88af224e396ee34ffb88ee99fb6d04510de5722cf14b7137e6bc@%3Cdev.shiro.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/re25b8317b00a50272a7252c4552cf1a81a97984cc2111ef7728e48e0@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re25b8317b00a50272a7252c4552cf1a81a97984cc2111ef7728e48e0@%3Cdev.shiro.apache.org%3E
14
reference_url https://lists.debian.org/debian-lts-announce/2021/08/msg00002.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/08/msg00002.html
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-17510
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-17510
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1903727
reference_id 1903727
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1903727
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988728
reference_id 988728
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988728
18
reference_url https://github.com/advisories/GHSA-7cj4-gj8m-m2f7
reference_id GHSA-7cj4-gj8m-m2f7
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cj4-gj8m-m2f7
19
reference_url https://access.redhat.com/errata/RHSA-2021:3140
reference_id RHSA-2021:3140
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3140
20
reference_url https://usn.ubuntu.com/6352-1/
reference_id USN-6352-1
reference_type
scores
url https://usn.ubuntu.com/6352-1/
fixed_packages
0
url pkg:maven/org.apache.shiro/shiro-all@1.7.0
purl pkg:maven/org.apache.shiro/shiro-all@1.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5mgd-9nh4-vqgj
1
vulnerability VCID-7vas-4jdq-pybe
2
vulnerability VCID-mn2c-tb5g-rfd4
3
vulnerability VCID-nq23-xpnc-6uad
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.shiro/shiro-all@1.7.0
aliases CVE-2020-17510, GHSA-7cj4-gj8m-m2f7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5h1h-hvym-gqfk
3
url VCID-5mgd-9nh4-vqgj
vulnerability_id VCID-5mgd-9nh4-vqgj
summary
When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass.

The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching.
Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value:  `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22602.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22602.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22602
reference_id
reference_type
scores
0
value 0.00217
scoring_system epss
scoring_elements 0.44324
published_at 2026-06-11T12:55:00Z
1
value 0.00217
scoring_system epss
scoring_elements 0.44477
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22602
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22602
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22602
3
reference_url https://github.com/apache/shiro
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/shiro
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22602
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22602
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029039
reference_id 1029039
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029039
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2182198
reference_id 2182198
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2182198
7
reference_url https://lists.apache.org/thread/dzj0k2smpzzgj6g666hrbrgsrlf9yhkl
reference_id dzj0k2smpzzgj6g666hrbrgsrlf9yhkl
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:25:09Z/
url https://lists.apache.org/thread/dzj0k2smpzzgj6g666hrbrgsrlf9yhkl
8
reference_url https://github.com/advisories/GHSA-7cxr-h8wm-fg4c
reference_id GHSA-7cxr-h8wm-fg4c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7cxr-h8wm-fg4c
9
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
10
reference_url https://access.redhat.com/errata/RHSA-2023:3954
reference_id RHSA-2023:3954
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3954
fixed_packages
0
url pkg:maven/org.apache.shiro/shiro-all@1.11.0
purl pkg:maven/org.apache.shiro/shiro-all@1.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7vas-4jdq-pybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.shiro/shiro-all@1.11.0
aliases CVE-2023-22602, GHSA-7cxr-h8wm-fg4c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5mgd-9nh4-vqgj
4
url VCID-5wgz-u8kr-83am
vulnerability_id VCID-5wgz-u8kr-83am
summary Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11989.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11989.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11989
reference_id
reference_type
scores
0
value 0.84744
scoring_system epss
scoring_elements 0.99359
published_at 2026-06-11T12:55:00Z
1
value 0.84744
scoring_system epss
scoring_elements 0.99361
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11989
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11989
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11989
3
reference_url https://github.com/apache/shiro
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/shiro
4
reference_url https://lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040@%3Ccommits.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040@%3Ccommits.shiro.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r408fe60bc8fdfd7c74135249d646d7abadb807ebf90f6fd2b014df21@%3Cdev.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r408fe60bc8fdfd7c74135249d646d7abadb807ebf90f6fd2b014df21@%3Cdev.geode.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675@%3Cdev.shiro.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675@%3Cuser.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675@%3Cuser.shiro.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675%40%3Cuser.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675%40%3Cuser.shiro.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/rab1972d6b177f7b5c3dde9cfb0a40f03bca75f0eaf1d8311e5762cb3@%3Ccommits.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rab1972d6b177f7b5c3dde9cfb0a40f03bca75f0eaf1d8311e5762cb3@%3Ccommits.shiro.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rc8b39ea8b3ef71ddc1cd74ffc866546182683c8adecf19c263fe7ac0@%3Ccommits.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc8b39ea8b3ef71ddc1cd74ffc866546182683c8adecf19c263fe7ac0@%3Ccommits.shiro.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rcf3d8041e1232201fe5d74fc612a193e435784d64002409b448b58fe@%3Cdev.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rcf3d8041e1232201fe5d74fc612a193e435784d64002409b448b58fe@%3Cdev.geode.apache.org%3E
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11989
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11989
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1850069
reference_id 1850069
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1850069
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988728
reference_id 988728
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988728
15
reference_url https://github.com/advisories/GHSA-72w9-fcj5-3fcg
reference_id GHSA-72w9-fcj5-3fcg
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-72w9-fcj5-3fcg
16
reference_url https://access.redhat.com/errata/RHSA-2020:5568
reference_id RHSA-2020:5568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5568
17
reference_url https://usn.ubuntu.com/4740-1/
reference_id USN-4740-1
reference_type
scores
url https://usn.ubuntu.com/4740-1/
fixed_packages
0
url pkg:maven/org.apache.shiro/shiro-all@1.5.3
purl pkg:maven/org.apache.shiro/shiro-all@1.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5h1h-hvym-gqfk
1
vulnerability VCID-5mgd-9nh4-vqgj
2
vulnerability VCID-7vas-4jdq-pybe
3
vulnerability VCID-mn2c-tb5g-rfd4
4
vulnerability VCID-nq23-xpnc-6uad
5
vulnerability VCID-yd8z-7uf8-1baq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.shiro/shiro-all@1.5.3
aliases CVE-2020-11989, GHSA-72w9-fcj5-3fcg
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5wgz-u8kr-83am
5
url VCID-7vas-4jdq-pybe
vulnerability_id VCID-7vas-4jdq-pybe
summary
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests.

Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34478
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.16507
published_at 2026-06-11T12:55:00Z
1
value 0.00052
scoring_system epss
scoring_elements 0.16653
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34478
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34478
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34478
2
reference_url https://github.com/apache/shiro
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/shiro
3
reference_url https://github.com/apache/shiro/commit/c3ede3f94efb442acb0795714a022c2c121d1da0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/shiro/commit/c3ede3f94efb442acb0795714a022c2c121d1da0
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34478
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34478
5
reference_url https://security.netapp.com/advisory/ntap-20230915-0005
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230915-0005
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051228
reference_id 1051228
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051228
7
reference_url http://www.openwall.com/lists/oss-security/2023/07/24/4
reference_id 4
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:25:43Z/
url http://www.openwall.com/lists/oss-security/2023/07/24/4
8
reference_url https://github.com/advisories/GHSA-pmhc-2g4f-85cg
reference_id GHSA-pmhc-2g4f-85cg
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pmhc-2g4f-85cg
9
reference_url https://lists.apache.org/thread/mbv26onkgw9o35rldh7vmq11wpv2t2qk
reference_id mbv26onkgw9o35rldh7vmq11wpv2t2qk
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:25:43Z/
url https://lists.apache.org/thread/mbv26onkgw9o35rldh7vmq11wpv2t2qk
10
reference_url https://security.netapp.com/advisory/ntap-20230915-0005/
reference_id ntap-20230915-0005
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:25:43Z/
url https://security.netapp.com/advisory/ntap-20230915-0005/
11
reference_url https://usn.ubuntu.com/7147-1/
reference_id USN-7147-1
reference_type
scores
url https://usn.ubuntu.com/7147-1/
fixed_packages
0
url pkg:maven/org.apache.shiro/shiro-all@1.12.0
purl pkg:maven/org.apache.shiro/shiro-all@1.12.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.shiro/shiro-all@1.12.0
aliases CVE-2023-34478, GHSA-pmhc-2g4f-85cg
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7vas-4jdq-pybe
6
url VCID-mn2c-tb5g-rfd4
vulnerability_id VCID-mn2c-tb5g-rfd4
summary In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32532.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32532.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-32532
reference_id
reference_type
scores
0
value 0.81936
scoring_system epss
scoring_elements 0.99229
published_at 2026-06-12T12:55:00Z
1
value 0.81936
scoring_system epss
scoring_elements 0.99226
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-32532
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32532
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32532
3
reference_url https://github.com/apache/shiro
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/shiro
4
reference_url https://lists.apache.org/thread/y8260dw8vbm99oq7zv6y3mzn5ovk90xh
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/y8260dw8vbm99oq7zv6y3mzn5ovk90xh
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014820
reference_id 1014820
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014820
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2107130
reference_id 2107130
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2107130
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-32532
reference_id CVE-2022-32532
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-32532
8
reference_url https://github.com/advisories/GHSA-4cf5-xmhp-3xj7
reference_id GHSA-4cf5-xmhp-3xj7
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4cf5-xmhp-3xj7
fixed_packages
0
url pkg:maven/org.apache.shiro/shiro-all@1.9.1
purl pkg:maven/org.apache.shiro/shiro-all@1.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5mgd-9nh4-vqgj
1
vulnerability VCID-7vas-4jdq-pybe
2
vulnerability VCID-nq23-xpnc-6uad
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.shiro/shiro-all@1.9.1
aliases CVE-2022-32532, GHSA-4cf5-xmhp-3xj7
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mn2c-tb5g-rfd4
7
url VCID-nq23-xpnc-6uad
vulnerability_id VCID-nq23-xpnc-6uad
summary Apache Shiro before 1.10.0 has an authentication bypass vulnerability when forwarding or including via RequestDispatcher.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40664.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40664.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40664
reference_id
reference_type
scores
0
value 0.00542
scoring_system epss
scoring_elements 0.68243
published_at 2026-06-12T12:55:00Z
1
value 0.00708
scoring_system epss
scoring_elements 0.72653
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40664
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40664
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40664
3
reference_url https://github.com/apache/shiro
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/shiro
4
reference_url https://security.netapp.com/advisory/ntap-20221118-0005
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221118-0005
5
reference_url https://shiro.apache.org/blog/2022/10/10/2022/apache-shiro-1101-released.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://shiro.apache.org/blog/2022/10/10/2022/apache-shiro-1101-released.html
6
reference_url http://www.openwall.com/lists/oss-security/2022/10/12/1
reference_id 1
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-15T15:02:13Z/
url http://www.openwall.com/lists/oss-security/2022/10/12/1
7
reference_url http://www.openwall.com/lists/oss-security/2022/10/13/1
reference_id 1
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-15T15:02:13Z/
url http://www.openwall.com/lists/oss-security/2022/10/13/1
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021671
reference_id 1021671
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021671
9
reference_url http://www.openwall.com/lists/oss-security/2022/10/12/2
reference_id 2
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-15T15:02:13Z/
url http://www.openwall.com/lists/oss-security/2022/10/12/2
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2193469
reference_id 2193469
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2193469
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40664
reference_id CVE-2022-40664
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40664
12
reference_url https://github.com/advisories/GHSA-45x9-q6vj-cqgq
reference_id GHSA-45x9-q6vj-cqgq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-45x9-q6vj-cqgq
13
reference_url https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg
reference_id loc2ktxng32xpy7lfwxto13k4lvnhjwg
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-15T15:02:13Z/
url https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg
14
reference_url https://security.netapp.com/advisory/ntap-20221118-0005/
reference_id ntap-20221118-0005
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-15T15:02:13Z/
url https://security.netapp.com/advisory/ntap-20221118-0005/
fixed_packages
0
url pkg:maven/org.apache.shiro/shiro-all@1.10.0
purl pkg:maven/org.apache.shiro/shiro-all@1.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5mgd-9nh4-vqgj
1
vulnerability VCID-7vas-4jdq-pybe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.shiro/shiro-all@1.10.0
aliases CVE-2022-40664, GHSA-45x9-q6vj-cqgq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nq23-xpnc-6uad
8
url VCID-rjrz-ymyq-ffhg
vulnerability_id VCID-rjrz-ymyq-ffhg
summary Improper input validation in Apache Shiro
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12422.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12422.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12422
reference_id
reference_type
scores
0
value 0.54895
scoring_system epss
scoring_elements 0.98097
published_at 2026-06-12T12:55:00Z
1
value 0.54895
scoring_system epss
scoring_elements 0.9809
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12422
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12422
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12422
3
reference_url https://lists.apache.org/thread.html/c9db14cfebfb8e74205884ed2bf2e2b30790ce24b7dde9191c82572c@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c9db14cfebfb8e74205884ed2bf2e2b30790ce24b7dde9191c82572c@%3Cdev.shiro.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040@%3Ccommits.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040@%3Ccommits.shiro.apache.org%3E
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1774726
reference_id 1774726
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1774726
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947945
reference_id 947945
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947945
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12422
reference_id CVE-2019-12422
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12422
8
reference_url https://github.com/advisories/GHSA-r679-m633-g7wc
reference_id GHSA-r679-m633-g7wc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r679-m633-g7wc
9
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
fixed_packages
0
url pkg:maven/org.apache.shiro/shiro-all@1.4.2
purl pkg:maven/org.apache.shiro/shiro-all@1.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3ptn-74xe-yfhw
1
vulnerability VCID-5h1h-hvym-gqfk
2
vulnerability VCID-5mgd-9nh4-vqgj
3
vulnerability VCID-5wgz-u8kr-83am
4
vulnerability VCID-7vas-4jdq-pybe
5
vulnerability VCID-mn2c-tb5g-rfd4
6
vulnerability VCID-nq23-xpnc-6uad
7
vulnerability VCID-yd8z-7uf8-1baq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.shiro/shiro-all@1.4.2
aliases CVE-2019-12422, GHSA-r679-m633-g7wc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rjrz-ymyq-ffhg
9
url VCID-yd8z-7uf8-1baq
vulnerability_id VCID-yd8z-7uf8-1baq
summary In Apache Shiro before 1.6.0, a specially crafted HTTP request may cause an authentication bypass.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13933.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13933.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13933
reference_id
reference_type
scores
0
value 0.8093
scoring_system epss
scoring_elements 0.99175
published_at 2026-06-11T12:55:00Z
1
value 0.8093
scoring_system epss
scoring_elements 0.99178
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13933
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13933
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13933
3
reference_url https://github.com/apache/shiro
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/shiro
4
reference_url https://lists.apache.org/thread.html/r18b45d560d76c4260813c802771cc9678aa651fb8340e09366bfa198@%3Cdev.geode.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r18b45d560d76c4260813c802771cc9678aa651fb8340e09366bfa198@%3Cdev.geode.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r4506cedc401d6b8de83787f8436aac83956e411d66848c84785db46d@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4506cedc401d6b8de83787f8436aac83956e411d66848c84785db46d@%3Cdev.shiro.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r4c1e1249e9e1acb868db0c80728c13f448d07333da06a0f1603c0a33@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4c1e1249e9e1acb868db0c80728c13f448d07333da06a0f1603c0a33@%3Cdev.shiro.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r575301804bfac87a064359cf4b4ae9d514f2d10db7d44120765f4129@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r575301804bfac87a064359cf4b4ae9d514f2d10db7d44120765f4129@%3Cdev.shiro.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r6ea0224c1971a91dc6ade1f22508119a9c3bd56cef656f0c44bbfabb@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6ea0224c1971a91dc6ade1f22508119a9c3bd56cef656f0c44bbfabb@%3Cdev.shiro.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r70098e336d02047ce4d4e69293fe8d558cd68cde06f6430398959bc4@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r70098e336d02047ce4d4e69293fe8d558cd68cde06f6430398959bc4@%3Cdev.shiro.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r70b907ccb306e9391145e2b10f56cc6914a245f91720a17a486c020a@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r70b907ccb306e9391145e2b10f56cc6914a245f91720a17a486c020a@%3Cdev.shiro.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r8097b81905f2a113ebdf925bcbc6d8c9d6863c807c9ee42e1e7c9293@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8097b81905f2a113ebdf925bcbc6d8c9d6863c807c9ee42e1e7c9293@%3Cdev.shiro.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac@%3Cdev.shiro.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d@%3Cdev.shiro.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r9ea6d8560d6354d41433ad006069904f0ed083527aa348b5999261a7@%3Cdev.geode.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9ea6d8560d6354d41433ad006069904f0ed083527aa348b5999261a7@%3Cdev.geode.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rb47d88af224e396ee34ffb88ee99fb6d04510de5722cf14b7137e6bc@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb47d88af224e396ee34ffb88ee99fb6d04510de5722cf14b7137e6bc@%3Cdev.shiro.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rb5edf49cd1451475dbcf53826ba6ef1bb7872dd6493d6112eb0c2bad@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb5edf49cd1451475dbcf53826ba6ef1bb7872dd6493d6112eb0c2bad@%3Cdev.shiro.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/re25b8317b00a50272a7252c4552cf1a81a97984cc2111ef7728e48e0@%3Cdev.shiro.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re25b8317b00a50272a7252c4552cf1a81a97984cc2111ef7728e48e0@%3Cdev.shiro.apache.org%3E
19
reference_url https://lists.debian.org/debian-lts-announce/2021/08/msg00002.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/08/msg00002.html
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13933
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13933
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1869860
reference_id 1869860
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1869860
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968753
reference_id 968753
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968753
23
reference_url https://github.com/advisories/GHSA-2vgm-wxr3-6w2j
reference_id GHSA-2vgm-wxr3-6w2j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2vgm-wxr3-6w2j
24
reference_url https://access.redhat.com/errata/RHSA-2020:5568
reference_id RHSA-2020:5568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5568
25
reference_url https://access.redhat.com/errata/RHSA-2021:0384
reference_id RHSA-2021:0384
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0384
26
reference_url https://usn.ubuntu.com/6352-1/
reference_id USN-6352-1
reference_type
scores
url https://usn.ubuntu.com/6352-1/
fixed_packages
0
url pkg:maven/org.apache.shiro/shiro-all@1.6.0
purl pkg:maven/org.apache.shiro/shiro-all@1.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5h1h-hvym-gqfk
1
vulnerability VCID-5mgd-9nh4-vqgj
2
vulnerability VCID-7vas-4jdq-pybe
3
vulnerability VCID-mn2c-tb5g-rfd4
4
vulnerability VCID-nq23-xpnc-6uad
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.shiro/shiro-all@1.6.0
aliases CVE-2020-13933, GHSA-2vgm-wxr3-6w2j
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yd8z-7uf8-1baq
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.shiro/shiro-all@1.2.6