CVE-2022-40664

Source
https://cve.org/CVERecord?id=CVE-2022-40664
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40664.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-40664
Aliases
Downstream
Published
2022-10-12T00:00:00Z
Modified
2026-07-08T05:58:09.603579030Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher
Details

Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "Apache Shiro"
                },
                {
                    "fixed": "1.10.0"
                }
            ]
        },
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "fixed": "1.10.0"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/40xxx/CVE-2022-40664.json",
    "cna_assigner": "apache",
    "cwe_ids": [
        "CWE-287"
    ]
}
References

Affected packages

Git / github.com/apache/shiro

Affected ranges

Type
GIT
Repo
https://github.com/apache/shiro
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.10.0"
        }
    ]
}

Affected versions

shiro-root-1.*
shiro-root-1.4.0-RC2
shiro-root-1.4.0-RC2-release-vote1
shiro-root-1.4.1
shiro-root-1.5.0
shiro-root-1.5.2
shiro-root-1.5.2-release-vote1
shiro-root-1.5.3
shiro-root-1.5.3-release-vote1
shiro-root-1.6.0
shiro-root-1.7.0
shiro-root-1.7.1
shiro-root-1.8.0
shiro-root-1.9.0
shiro-root-1.9.0-release-vote1
shiro-root-1.9.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40664.json"