CVE-2023-22602

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-436
View all →

Vulnerability Description

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`

Related Vulnerabilities

CVE-2019-17596

HIGH
CVSS:7.5(High)

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client t...

CWE-4362019

CVE-2020-10193

HIGH
CVSS:7.5(High)

ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Secur...

CWE-4362020

CVE-2021-39137

HIGH
CVSS:7.5(High)

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse...

CWE-4362021

CVE-2022-23773

HIGH
CVSS:7.5(High)

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able ...

CWE-4362022

CVE-2022-48230

HIGH
CVSS:7.5(High)

There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to DoS.

CWE-4362022

CVE-2022-48261

HIGH
CVSS:7.5(High)

There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation of this vulnerability may cause the printer service to be abnormal.

CWE-4362022