CVE-2022-32532
Published: Jun 28, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Shiro | affected Before 1.9.1 |
Weaknesses (CWE)
References
https://lists.apache.org/thread/y8260dw8vbm99oq7zv6y3mzn5ovk90xh