{"id":"CVE-2023-46750","details":"URL Redirection to Untrusted Site ('Open Redirect') vulnerability when \"form\" authentication is used in Apache Shiro.\nMitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.\n","aliases":["GHSA-hhw5-c326-822h"],"modified":"2026-04-11T12:46:12.994520Z","published":"2023-12-14T09:15:42.107Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:apache:shiro:2.0.0:alpha1:*:*:*:*:*:*","extracted_events":[{"last_affected":"2.0.0-alpha1"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:shiro:2.0.0:alpha2:*:*:*:*:*:*","extracted_events":[{"last_affected":"2.0.0-alpha2"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:shiro:2.0.0:alpha3:*:*:*:*:*:*","extracted_events":[{"last_affected":"2.0.0-alpha3"}],"source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240808-0002/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241108-0002/"},{"type":"ARTICLE","url":"https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/shiro","events":[{"introduced":"0"},{"fixed":"86819589b3fe4442f4ec1b1cf34e6113afbba73b"}],"database_specific":{"cpe":"cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.13.0"}],"source":"CPE_FIELD"}}],"versions":["shiro-root-1.10.0","shiro-root-1.10.0-vote-1","shiro-root-1.11.0","shiro-root-1.13.0-vote-1","shiro-root-1.4.0-RC2","shiro-root-1.4.0-RC2-release-vote1","shiro-root-1.4.1","shiro-root-1.5.0","shiro-root-1.5.2","shiro-root-1.5.2-release-vote1","shiro-root-1.5.3","shiro-root-1.5.3-release-vote1","shiro-root-1.6.0","shiro-root-1.7.0","shiro-root-1.7.1","shiro-root-1.8.0","shiro-root-1.9.0","shiro-root-1.9.0-release-vote1","shiro-root-1.9.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-46750.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}