Geode / GEODE-10406

Update shiro-core to version 1.9.1 for CVE-2022-32532

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • 1.13.7
    • None
    • None

    Description

      As per https://nvd.nist.gov/vuln/detail/CVE-2022-32532

      "Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass."

      Geode bundles version 1.8.0 of the shiro-core jar, which is vulnerable as per the CVE.

            People

              mkevo Mario Kevo
              mittalankush Ankush Mittal
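A check for the condition this issue reports (a bundled shiro-core older than 1.9.1), added here as an example; it is not part of the issue or of Geode's code. It assumes Maven-style jar names (`shiro-core-<version>.jar`) and a directory you pass in, and it goes slightly beyond the issue by also looking inside `.war`/`.zip` archives.

```python
import re
import zipfile
from pathlib import Path

# First fixed release named in the CVE text quoted above.
FIXED = (1, 9, 1)
# Assumes three-part versions, optionally followed by a qualifier such as -SNAPSHOT.
JAR_RE = re.compile(r"^shiro-core-(\d+)\.(\d+)\.(\d+)(?:[-.].+)?\.jar$")


def parse_version(jar_name):
    """Return (major, minor, patch) from a Maven-style jar name, or None."""
    m = JAR_RE.match(jar_name)
    return tuple(int(g) for g in m.groups()) if m else None


def is_vulnerable(version):
    """Compare numerically: as strings, '1.10.0' would sort before '1.9.1'."""
    return version < FIXED


def scan(root):
    """Return (location, version, vulnerable) for each shiro-core jar under root,
    including jars packed inside .war/.zip archives."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        names = [(str(path), path.name)]
        if path.suffix in (".war", ".zip") and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                names = [(f"{path}!{n}", n.rsplit("/", 1)[-1]) for n in zf.namelist()]
        for location, name in names:
            version = parse_version(name)
            if version is not None:
                findings.append((location, version, is_vulnerable(version)))
    return findings


if __name__ == "__main__":
    import sys
    # The directory to scan is an assumption: pass the install's library directory.
    results = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for location, version, vulnerable in results:
        status = "VULNERABLE (< 1.9.1)" if vulnerable else "ok"
        print(f"{location}: shiro-core {'.'.join(map(str, version))} {status}")
    sys.exit(1 if any(v for _, _, v in results) else 0)
```

A hit means the jar predates the fix; per the CVE text, whether the bypass is reachable still depends on RegExPatternMatcher being used with `.` in the pattern.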