Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Duplicate
-
1.13.7
-
None
-
None
Description
As per https://nvd.nist.gov/vuln/detail/CVE-2022-32532
"Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass."
Geode bundles version 1.8.0 of shiro-core jar which is vulnerable as per the CVE.
Attachments
Issue Links
- is duplicated by
-
GEODE-10415 CVEs detected in latest geode
- Closed