CVE-2022-40664
Published 2022-10-12
CVE-2022-40664: Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.
Critical, 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | shiro | < 1.10.0 | 1.10.0 |
| apache_software_foundation | apache_shiro | >= Apache Shiro < 1.10.0 | 1.10.0 |
| debian | shiro | — | — |
| paloalto | pan-os | — | — |
CVSS provenance
nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL