https://bugzilla.redhat.com/show_bug.cgi?id=1829281
Bug ID: 1829281
Summary: CVE-2020-1957 shiro: Spring dynamic controllers, a specially crafted request may cause an authentication bypass
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team@redhat.com
Reporter: mrehak@redhat.com
CC: aileenc@redhat.com, ataylor@redhat.com, chazlett@redhat.com, dbecker@redhat.com, drieden@redhat.com, extras-orphan@fedoraproject.org, ganandan@redhat.com, ggaughan@redhat.com, gmalinko@redhat.com, gvarsami@redhat.com, janstey@redhat.com, java-sig-commits@lists.fedoraproject.org, jcoleman@redhat.com, jjoyce@redhat.com, jochrist@redhat.com, jschluet@redhat.com, jwon@redhat.com, kbasil@redhat.com, kconner@redhat.com, ldimaggi@redhat.com, lhh@redhat.com, lpeer@redhat.com, mburns@redhat.com, mkolesni@redhat.com, nwallace@redhat.com, puntogil@libero.it, rwagner@redhat.com, sclewis@redhat.com, scohen@redhat.com, slinaber@redhat.com, tcunning@redhat.com, tkirby@redhat.com
Target Milestone: ---
Classification: Other

When using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Upstream Advisory:
https://lists.apache.org/thread.html/r17f371fc89d34df2d0c8131473fbc68154290e...