| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2023-46750 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | URL Redirection to Untrusted Site ('Open Redirect') vulnerability when ... |
| CVE-2023-46749 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a p ... |
| CVE-2023-34478 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a ... |
| CVE-2023-22602 | vulnerable | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, ... |
| CVE-2022-40664 | vulnerable | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shi ... |
| CVE-2022-32532 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured ... |
| CVE-2021-41303 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ... |
| CVE-2020-17523 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a spec ... |
| CVE-2020-17510 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a spec ... |
| CVE-2020-13933 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafte ... |
| CVE-2020-11989 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ... |
| CVE-2019-12422 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Apache Shiro before 1.4.2, when using the default "remember me" config ... |
| CVE-2016-6802 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | Apache Shiro before 1.3.2 allows attackers to bypass intended servlet ... |
| CVE-2016-4437 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | Apache Shiro before 1.2.5, when a cipher key has not been configured f ... |