
Ha1C9On

Rank: #14,053 of 53,630
Total CVSS: 19.2
Vulnerabilities: 2 (Critical: 2)
PT-2023-3578 · CVSS 9.4 · 2023-07-17
Spring · Spring WebFlux · CVE-2023-34034

**Name of the Vulnerable Software and Affected Versions**
Spring WebFlux (affected versions not specified)

**Description**
Using `**` as a pattern in the Spring Security configuration for WebFlux creates a mismatch between the pattern matching performed by Spring Security and that performed by Spring WebFlux, with the potential for a security bypass. The issue may allow a remote attacker to bypass existing security restrictions.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-4009 · CVSS 9.8 · 2023-06-07
Apache · Apache Shiro · CVE-2023-34478

**Name of the Vulnerable Software and Affected Versions**
Apache Shiro versions prior to 1.12.0 or 2.0.0-alpha-3

**Description**
The issue is a path traversal weakness that can result in an authentication bypass when Apache Shiro is used together with APIs or other web frameworks that route requests based on non-normalized request paths. This can allow a remote attacker to bypass security restrictions by sending specially crafted requests.

**Recommendations**
Update to Apache Shiro 1.12.0 or later, or 2.0.0-alpha-3 or later, to resolve the issue.