Posted to commits@shiro.apache.org by co...@apache.org on 2022/07/04 11:17:54 UTC

[shiro-site] 01/01: Adding CVE-2022-32532 to the security reports

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch coheigea/security-report
in repository https://gitbox.apache.org/repos/asf/shiro-site.git

commit a9638321a6ba67eb99298124a1b87207b5501235
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Jul 4 12:17:28 2022 +0100

    Adding CVE-2022-32532 to the security reports
---
 src/site/content/security-reports.adoc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/site/content/security-reports.adoc b/src/site/content/security-reports.adoc
index 82e045742..5a923d999 100644
--- a/src/site/content/security-reports.adoc
+++ b/src/site/content/security-reports.adoc
@@ -28,6 +28,10 @@ A http://www.apache.org/security/committers.html[more detailed description of th
 
 == Apache Shiro Vulnerability Reports
 
+=== link:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32532[CVE-2022-32532]
+
+Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
+
 === link:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41303[CVE-2021-41303]
 
 Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass.
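Review bot: The added CVE-2022-32532 paragraph names two different classes, `RegexRequestMatcher` in the first sentence and `RegExPatternMatcher` in the second, without saying how they relate, so a reader auditing their configuration cannot tell which one to search for. Please state the relationship or use one name consistently. The first sentence also reads as a fragment ("Apache Shiro before 1.9.1, A RegexRequestMatcher can be ..."): lowercase the "A" or restructure it, for example "In Apache Shiro before 1.9.1, a RegexRequestMatcher can be ...". Since the entry only says "before 1.9.1", consider adding an explicit remediation sentence (upgrade to 1.9.1 or later), and, if it is known, say which servlet containers are affected rather than "some servlet containers", so users can judge their exposure.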