{"vulnerability": "CVE-2023-22602", "sightings": [{"uuid": "99c53f4e-01c5-4cdf-a232-17320ed69e14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22602", "type": "seen", "source": "https://t.me/cibsecurity/56506", "content": "\u203c CVE-2023-22602 \u203c\n\nWhen using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-14T12:36:54.000000Z"}, {"uuid": "9caf8981-a380-4117-b25b-07b23b463263", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22602", "type": "seen", "source": "https://t.me/canyoupwnme/6848", "content": "CVE-2023-22602: Apache Shiro Authentication Bypass Vulnerability\nhttps://securityonline.info/cve-2023-22602-apache-shiro-authentication-bypass-vulnerability/", "creation_timestamp": "2023-01-22T05:10:05.000000Z"}]}