Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.15.1
-
None
-
None
Description
As per https://nvd.nist.gov/vuln/detail/CVE-2022-40664 ,
"Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher."
Geode 1.15.1 bundles version 1.9.1 of shiro-core jar which is vulnerable as per the CVE.
Also although the CVE doesn't include "1.10.0", but since more latest version "1.11.0" is available, logged ticket to bundle the same.
Attachments
Attachments
Issue Links
- links to