{"url":"http://public2.vulnerablecode.io/api/packages/68195?format=json","purl":"pkg:maven/org.apache.shiro/shiro-web@1.13.0","type":"maven","namespace":"org.apache.shiro","name":"shiro-web","version":"1.13.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.0.0-alpha-3","latest_non_vulnerable_version":"2.0.0-alpha-4","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46666?format=json","vulnerability_id":"VCID-5ft1-h1b5-5ydm","summary":"Open redirect in Apache Shiro\nURL Redirection to Untrusted Site ('Open Redirect') vulnerability when \"form\" authentication is used in Apache Shiro.\nMitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.","references":[{"reference_url":"https://github.com/apache/shiro","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/shiro"},{"reference_url":"https://github.com/apache/shiro/commit/3b80f5c8e5a95ba31e92e4825ecc0ba3148b555a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/shiro/commit/3b80f5c8e5a95ba31e92e4825ecc0ba3148b555a"},{"reference_url":"https://github.com/apache/shiro/commit/8400d08d5eac0bc4fae99d28c5adc82dd8a86eda","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/shiro/commit/8400d08d5eac0bc4fae99d28c5adc82dd8a86eda"},{"reference_url":"https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240808-0002","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20240808-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241108-0002","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20241108-0002"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46750","reference_id":"CVE-2023-46750","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46750"},{"reference_url":"https://github.com/advisories/GHSA-hhw5-c326-822h","reference_id":"GHSA-hhw5-c326-822h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hhw5-c326-822h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68195?format=json","purl":"pkg:maven/org.apache.shiro/shiro-web@1.13.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.shiro/shiro-web@1.13.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68196?format=json","purl":"pkg:maven/org.apache.shiro/shiro-web@2.0.0-alpha-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.shiro/shiro-web@2.0.0-alpha-4"}],"aliases":["CVE-2023-46750","GHSA-hhw5-c326-822h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ft1-h1b5-5ydm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46830?format=json","vulnerability_id":"VCID-sfwy-s2kr-bbbn","summary":"This advisory has been marked as False-Positive and removed\nApache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting \n\nMitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).","references":[{"reference_url":"https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241108-0002","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20241108-0002"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46749","reference_id":"CVE-2023-46749","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46749"},{"reference_url":"https://github.com/advisories/GHSA-jc7h-c423-mpjc","reference_id":"GHSA-jc7h-c423-mpjc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jc7h-c423-mpjc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68195?format=json","purl":"pkg:maven/org.apache.shiro/shiro-web@1.13.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.shiro/shiro-web@1.13.0"}],"aliases":["CVE-2023-46749","GHSA-jc7h-c423-mpjc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfwy-s2kr-bbbn"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.shiro/shiro-web@1.13.0"}