Apache Shiro before 1.4.2, when using the default “remember me” configuration, cookies could be susceptible to a padding attack. CVE-2020-1957(权限绕过) Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication b...