VDB
CNVD-2020-19939
CNVD-2020-19939
PUBLISHED
Apache Shiro是美国阿帕奇(Apache)软件基金会的一套用于执行认证、授权、加密和会话管理的Java安全框架。 Apache Shiro 1.5.2之前版本中存在安全漏洞。攻击者可借助特制的请求利用该漏洞绕过身份验证。
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Apache Shiro | Apache Shiro to 1.5.2 |
Exploit Intelligence
- https://lists.apache.org/thread.html/r17f371fc89d34df2d0c8131473fbc68154290e1be238895648f5a1e6%40%3Cdev.shiro.apache.org%3E (circl)
- [camel-commits] 20200325 [camel] branch camel-3.0.x updated: Updating Shiro to 1.5.2 due to CVE-2020-1957 (circl)
- [geode-dev] 20200406 Proposal to bring GEODE-7941 to support/1.12 (circl)
- [debian-lts-announce] 20200419 [SECURITY] [DLA 2181-1] shiro security update (circl)
- [shiro-commits] 20200622 svn commit: r1879089 - /shiro/site/publish/security-reports.html (circl)
- [shiro-commits] 20200622 svn commit: r1879088 - /shiro/site/publish/security-reports.html (circl)
- [shiro-commits] 20200817 svn commit: r1880941 - /shiro/site/publish/security-reports.html (circl)
Timeline
- Mar 25, 2020 CVE Published
References
- https://lists.apache.org/thread.html/r17f371fc89d34df2d0c8131473fbc68154290e1be238895648f5a1e6%40%3Cdev.shiro.apache.org%3E url
- [camel-commits] 20200325 [camel] branch camel-3.0.x updated: Updating Shiro to 1.5.2 due to CVE-2020-1957 mailing-list
- [geode-dev] 20200406 Proposal to bring GEODE-7941 to support/1.12 mailing-list
- [debian-lts-announce] 20200419 [SECURITY] [DLA 2181-1] shiro security update mailing-list
- [shiro-commits] 20200622 svn commit: r1879089 - /shiro/site/publish/security-reports.html mailing-list
- [shiro-commits] 20200622 svn commit: r1879088 - /shiro/site/publish/security-reports.html mailing-list
- [shiro-commits] 20200817 svn commit: r1880941 - /shiro/site/publish/security-reports.html mailing-list