oss-sec mailing list archives
CVE-2022-32532: Apache Shiro: Authentication Bypass Vulnerability
From: Brian Demers <bdemers () apache org>
Date: Tue, 28 Jun 2022 15:32:01 -0400
Description: In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

Credit: Apache Shiro would like to thank 4ra1n for reporting this issue.