Apache Shiro is an open-source Java security framework that provides several powerful features for securing applications, including authentication, authorization, session management, and cryptography. Affected versions of this software allow an attacker to circumvent the authentication process.
CVE-2020-1957 is an authentication bypass flaw that arises when Apache Shiro is used with Spring dynamic controllers. A remote attacker can craft a malicious request that bypasses authentication, potentially affecting data confidentiality, integrity, and system availability.
Affected versions: Apache Shiro versions before 1.5.2.
Remediation: install the provided software updates.
Update to Apache Shiro version 1.5.2 or higher.
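To find deployments that still need this update, the following added example (not part of the original advisory or the Shiro project) scans jar file names and Maven-style dependency listings for Shiro artifacts older than 1.5.2. The function names and sample lines are constructed for illustration; the check flags every Shiro artifact by version and does not test whether Spring dynamic controllers are in use.

```python
import re

FIXED = (1, 5, 2)  # first fixed release named in the advisory

# Jar file names, e.g. WEB-INF/lib/shiro-web-1.5.1.jar
JAR_RE = re.compile(r"\b(shiro-[a-z0-9-]+?)-(\d+(?:\.\d+)*)[^/\\\s]*\.jar\b")
# Maven/Gradle coordinates, e.g. org.apache.shiro:shiro-core:jar:1.4.0:compile
GAV_RE = re.compile(
    r"\borg\.apache\.shiro:(shiro-[a-z0-9-]+):(?:[a-z-]+:){0,2}(\d+(?:\.\d+)*)"
)

# Constructed sample input: dependency listing lines and jar paths.
SAMPLE = [
    "[INFO]    org.apache.shiro:shiro-core:jar:1.4.0:compile",
    "[INFO]    org.apache.shiro:shiro-spring:jar:1.5.2:compile",
    "WEB-INF/lib/shiro-web-1.5.1.jar",
    "WEB-INF/lib/shiro-spring-boot-starter-1.10.0.jar",
    "WEB-INF/lib/spring-core-5.2.4.RELEASE.jar",
]


def as_tuple(version):
    """'1.5' -> (1, 5, 0). Numeric parts, so 1.10.0 is not ranked below 1.5.2."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def affected_shiro(lines):
    """Return sorted (artifact, version) pairs with a version before FIXED.

    Assumption: qualifiers such as -SNAPSHOT are ignored, so only the
    numeric part of the version is compared.
    """
    hits = set()
    for line in lines:
        for pattern in (JAR_RE, GAV_RE):
            for artifact, version in pattern.findall(line):
                if as_tuple(version) < FIXED:
                    hits.add((artifact, version))
    return sorted(hits)


if __name__ == "__main__":
    for artifact, version in affected_shiro(SAMPLE):
        print(f"{artifact} {version}: update to 1.5.2 or higher")
```
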