[Announce] CVE-2020-11989: Authentication Bypass by Primary Weakness

Brian Demers-2
In Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

This issue was independently discovered by two different researchers:
* Ruilin Yang of Tencent Security Xuanwu Lab
* 淚笑 (leixiao)