Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Duplicate
-
5.17.1
-
None
-
None
Description
CVE-2022-32532
Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
fixed in 1.9.1
The latest version of AMQ 5.17.1 still is using 1.9.0 and we are waiting for the fix in the next release.
Attachments
Issue Links
- is duplicated by
-
AMQ-8990 Upgrade to shiro 1.9.1
- Resolved