Vulnerability CVE-2023-46749
Published: 2024-01-15

Description:
Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting

Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).

Type:

CWE-22

 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

 References:
https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm
Copyright 2026, cxsecurity.com

 

Back to Top