CVE-2023-46750: URL Redirection to Untrusted Site ('Open Redirect')

December 14, 2023 (updated December 18, 2023)

URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability when “form” authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.

References

github.com/advisories/GHSA-hhw5-c326-822h
github.com/apache/shiro/commit/3b80f5c8e5a95ba31e92e4825ecc0ba3148b555a
github.com/apache/shiro/commit/8400d08d5eac0bc4fae99d28c5adc82dd8a86eda
lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9
nvd.nist.gov/vuln/detail/CVE-2023-46750

Code Behaviors & Features

Detect and mitigate CVE-2023-46750 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →