Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting.
This issue has been addressed in the following products: Red Hat Fuse 7.13.0 Via RHSA-2024:3354 https://access.redhat.com/errata/RHSA-2024:3354