CVE-2023-46749
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-46749 is a newly identified vulnerability affecting Apache Shiro versions prior to 1.13.0 and 2.0.0-alpha-4. This issue allows an attacker to execute a path traversal attack, which in turn results in an authentication bypass. The vulnerability is exacerbated when path rewriting is present in the application. To mitigate this risk, users are advised to update Apache Shiro to version 1.13.0 or later, or to version 2.0.0-alpha-4 or later. Alternatively, ensuring that the `blockSemicolon` feature is enabled (which is the default setting) can also help prevent this vulnerability.
Affected Products
- Apache Shiro
Affected Vendors
- Apache Software Foundation