{"id":"CVE-2021-41303","details":"Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.","aliases":["GHSA-f6jp-j6w3-w9hm"],"modified":"2026-03-14T11:13:20.528942Z","published":"2021-09-17T09:15:09.267Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b%40%3Cuser.shiro.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/re470be1ffea44bca28ccb0e67a4cf5d744e2d2b981d00fdbbf5abc13%40%3Cannounce.shiro.apache.org%3E"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220609-0001/"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujul2022.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/shiro","events":[{"introduced":"0"},{"fixed":"a86c51a11c1b6df6b097e312f5709924479edccc"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.8.0"}]}}],"versions":["shiro-root-1.4.0-RC2","shiro-root-1.4.0-RC2-release-vote1","shiro-root-1.4.1","shiro-root-1.5.0","shiro-root-1.5.2","shiro-root-1.5.2-release-vote1","shiro-root-1.5.3","shiro-root-1.5.3-release-vote1","shiro-root-1.6.0","shiro-root-1.7.0","shiro-root-1.7.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0.8.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.8.3.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41303.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}