CVE-2023-46750: Open redirect in Apache Shiro
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability when “form” authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.
References
- github.com/advisories/GHSA-hhw5-c326-822h
- github.com/apache/shiro
- github.com/apache/shiro/commit/3b80f5c8e5a95ba31e92e4825ecc0ba3148b555a
- github.com/apache/shiro/commit/8400d08d5eac0bc4fae99d28c5adc82dd8a86eda
- lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9
- nvd.nist.gov/vuln/detail/CVE-2023-46750
- security.netapp.com/advisory/ntap-20240808-0002