Critical severityNVD Advisory· Published Jun 28, 2022· Updated Aug 3, 2024
Authentication Bypass Vulnerability
CVE-2022-32532
Description
Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with . in the regular expression are possibly vulnerable to an authorization bypass.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.shiro:shiro-coreMaven | < 1.9.1 | 1.9.1 |
Affected products
2- Apache Software Foundation/Apache Shirov5Range: Before 1.9.1
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-4cf5-xmhp-3xj7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-32532ghsaADVISORY
- lists.apache.org/thread/y8260dw8vbm99oq7zv6y3mzn5ovk90xhghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.