QwikSec

Security Database

CVE

CWE

Training

CVE-2023-46749

Published: Jan 15, 2024

Modified: Nov 3, 2025

PUBLISHED

Description

Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).

Vendor	Product	Versions
Apache Software Foundation	Apache Shiro	affected `0 - < 1.13.0` affected `2.0.0-alpha-1 - < 2.0.0-alpha-4`

Weaknesses (CWE)

References

https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.