{"id":"CVE-2023-46750","details":"URL Redirection to Untrusted Site ('Open Redirect') vulnerability when \"form\" authentication is used in Apache Shiro.\nMitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.\n","aliases":["GHSA-hhw5-c326-822h"],"modified":"2026-04-10T05:03:56.650776Z","published":"2023-12-14T09:15:42.107Z","references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240808-0002/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241108-0002/"},{"type":"ARTICLE","url":"https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/shiro","events":[{"introduced":"0"},{"fixed":"86819589b3fe4442f4ec1b1cf34e6113afbba73b"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.13.0"}]}}],"versions":["shiro-root-1.10.0","shiro-root-1.10.0-vote-1","shiro-root-1.11.0","shiro-root-1.13.0-vote-1","shiro-root-1.4.0-RC2","shiro-root-1.4.0-RC2-release-vote1","shiro-root-1.4.1","shiro-root-1.5.0","shiro-root-1.5.2","shiro-root-1.5.2-release-vote1","shiro-root-1.5.3","shiro-root-1.5.3-release-vote1","shiro-root-1.6.0","shiro-root-1.7.0","shiro-root-1.7.1","shiro-root-1.8.0","shiro-root-1.9.0","shiro-root-1.9.0-release-vote1","shiro-root-1.9.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha3"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46750.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}