Apache Shiro ȨÏÞÈÆ¹ýÎó²îΣº¦Í¨¸æ
Ðû²¼Ê±¼ä 2020-03-26Îó²î±àºÅºÍ¼¶±ð
CVE±àºÅ£ºCVE-2020-1957£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
Ó°Ïì°æ±¾
Apache Shiro < 1.5.2
Îó²î¸ÅÊö
Apache ShiroÊÇÒ»¸öJavaÇå¾²¿ò¼Ü£¬£¬£¬£¬£¬£¬£¬Ö´ÐÐÉí·ÝÑéÖ¤¡¢ÊÚȨ¡¢ÃÜÂë¡¢»á»°ÖÎÀí¡£¡£¡£¡£¡£ShiroÊÇApache µÄÒ»¸ö¿ªÔ´ÏîÄ¿£¬£¬£¬£¬£¬£¬£¬Ç°ÉíÊÇJSecurity ÏîÄ¿£¬£¬£¬£¬£¬£¬£¬Ê¼ÓÚ2003ÄêÍ·¡£¡£¡£¡£¡£Shiro ¿ÉÒÔΪÈκÎÓ¦ÓÃÌṩÇå¾²°ü¹Ü - ´ÓÏÂÁîÐÐÓ¦Óá¢Òƶ¯Ó¦Óõ½´óÐÍÍøÂç¼°ÆóÒµÓ¦Óᣡ£¡£¡£¡£
¿ËÈÕ£¬£¬£¬£¬£¬£¬£¬Shiro¹Ù·½Ðû²¼ÁËÒ»¸öÇå¾²¸üÐÂͨ¸æ£º Shiro < 1.5.2 °æ±¾±£´æÒ»´¦È¨ÏÞÈÆ¹ýÎó²î£¬£¬£¬£¬£¬£¬£¬µ±ÊÜÓ°Ïì°æ±¾µÄ Shiro¿ò¼ÜÁ¬Ïµ Spring dynamic controllers ʹÓÃʱ£¬£¬£¬£¬£¬£¬£¬Î´¾ÊÚȨµÄÔ¶³Ì¹¥»÷Õß¿ÉÒÔͨ¹ýÈ«ÐĽṹµÄÇëÇó°ü¾ÙÐÐȨÏÞÈÆ¹ý£¬£¬£¬£¬£¬£¬£¬¿ÉÄÜÔì³É¼øÈ¨ÏµÍ³Ê§Ð§ÒÔ¼°ºǫ́¹¦Ð§Ì»Â¶¡£¡£¡£¡£¡£
Îó²îÑéÖ¤
ÔÝÎÞPoC/EXP¡£¡£¡£¡£¡£
ÐÞ¸´½¨Òé
ÏÖÔÚ¹Ù·½ÒÑÐû²¼Ð°汾£¬£¬£¬£¬£¬£¬£¬Çë¸üе½ Shiro 1.5.2¼°ÒÔÉϰ汾£¬£¬£¬£¬£¬£¬£¬Á´½Ó£ºhttp://shiro.apache.org/download.html¡£¡£¡£¡£¡£
²Î¿¼Á´½Ó
https://seclists.org/oss-sec/2020/q1/120