Apache Shiro 产品漏洞列表 / CVE 中文分析 14

Apache Shiro 产品相关 14 条漏洞，AI 中文标题与摘要、CVSS、POC 一站汇总。

ベンダー: Apache Software Foundation

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2026-23901	Apache Shiro: Brute force attack possible to determine valid user names CWE-208	6.5	-	2026-02-10
CVE-2026-23903	Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems CWE-289	7.5	-	2026-02-09
CVE-2023-46749	Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting CWE-22	9.8	-	2024-01-15
CVE-2023-46750	Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro. CWE-601	6.1^AI	Medium^AI	2023-12-14
CVE-2023-34478	Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests. CWE-22	9.8	-	2023-07-24
CVE-2023-22602	Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request CWE-436	7.5	-	2023-01-14
CVE-2022-40664	Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher CWE-287	9.8	-	2022-10-12
CVE-2022-32532	Authentication Bypass Vulnerability CWE-863	9.8	-	2022-06-28
CVE-2021-41303	Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass CWE-287	9.8	-	2021-09-17
CVE-2020-17523	Apache Shiro 授权问题漏洞	9.8	-	2021-02-03
CVE-2020-17510	Apache Shiro 授权问题漏洞	9.8	-	2020-11-05
CVE-2020-13933	Apache Shiro 授权问题漏洞	9.8	-	2020-08-17
CVE-2020-11989	Apache Shiro 授权问题漏洞	9.8	-	2020-06-22
CVE-2020-1957	Apache Shiro 授权问题漏洞	9.8	-	2020-03-25

Apache Shiro 产品累计公开 14 条 CVE 漏洞，本页提供按时间倒序的完整列表，包含 CVSS、CWE、AI 中文摘要与可获取的 POC 链接。