VDB
CVE-2023-46749
CVE-2023-46749
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Apache Shiro vulnerable to path traversal
EPSS 0.20% · 41.8th percentile
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.20%
41.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.apache.shiro:shiro-core | 0, 2.0.0alpha1, 2.0.0 |
| Apache Software Foundation | Apache Shiro | 0, 2.0.0-alpha-1 |
| apache | shiro | 0, 2.0.0, 2.0.0 |
Exploit Intelligence
- shoucheng3/apache__shiro_CVE-2023-46749_1-12-0 (github-poc)
- shoucheng3/apache__shiro_CVE-2023-46749_1-12-0 (github-poc)
- shoucheng3/apache__shiro_CVE-2023-46749_1-12-0 (github-poc)
- shoucheng3/apache__shiro_CVE-2023-46749_1-12-0 (github-poc)
- shoucheng3/apache__shiro_CVE-2023-46749_1-12-0 (github-poc)
- shoucheng3/apache__shiro_CVE-2023-46749_1-12-0 (github-poc)
- shoucheng3/apache__shiro_CVE-2023-46749_1-12-0 (github-poc)
- https://security.netapp.com/advisory/ntap-20241108-0002/ (circl)
- https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm (circl)
- apache__shiro_CVE-2023-46749_1-12-0 (cve.org)
Timeline
- Jan 15, 2024 CVE Published
- Jan 17, 2024 EPSS Score
- Feb 14, 2024 EPSS Score
- Mar 13, 2024 EPSS Score
- May 8, 2024 EPSS Score
- Jun 5, 2024 EPSS Score
- Jul 3, 2024 EPSS Score
- Jul 31, 2024 EPSS Score
- Aug 28, 2024 EPSS Score
- Oct 23, 2024 EPSS Score
- Nov 20, 2024 EPSS Score
- Dec 19, 2024 EPSS Score
References
- https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm vendor-advisory
- https://security.netapp.com/advisory/ntap-20241108-0002/ url
- https://security.netapp.com/advisory/ntap-20241108-0001/ advisory
- https://www.ibm.com/support/pages/node/7156941 advisory
- https://www.ibm.com/support/pages/node/7158537 advisory
- https://www.ibm.com/support/pages/node/7157712 advisory
- https://www.ibm.com/support/pages/node/7158652 advisory
- https://www.ibm.com/support/pages/node/7158539 advisory
- https://www.ibm.com/support/pages/node/7158762 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-46749 advisory
- https://security.netapp.com/advisory/ntap-20241108-0002 url