Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-46750

URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

Published

2023-12-14T09:15:42.107

Last Modified

2025-11-03T22:16:29.183

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	shiro	< 1.13.0	Yes
Application	apache	shiro	2.0.0	Yes
Application	apache	shiro	2.0.0	Yes
Application	apache	shiro	2.0.0	Yes

References

https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9 Mailing List ([email protected])
https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240808-0002/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20241108-0002/ (af854a3a-2127-422b-91ae-364da2661108)