ActiveMQ Classic / AMQ-9003

CVE-2022-32532 | CVSS 9.80 | org.apache.shiro_shiro-core


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Duplicate
    • Affects Version/s: 5.17.1
    • Fix Version/s: 5.17.2
    • Component/s: None
    • Labels: None

    Description

      CVE-2022-32532

      Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

      fixed in 1.9.1

      The latest version of AMQ, 5.17.1, is still using 1.9.0, and we are waiting for the fix in the next release.

            People

              Assignee: Jean-Baptiste Onofré (jbonofre)
              Reporter: Atmadeep Sen (satmadeep)