This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch coheigea/security-report in repository https://gitbox.apache.org/repos/asf/shiro-site.git
commit a9638321a6ba67eb99298124a1b87207b5501235 Author: Colm O hEigeartaigh <[email protected]> AuthorDate: Mon Jul 4 12:17:28 2022 +0100 Adding CVE-2022-32532 to the security reports --- src/site/content/security-reports.adoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/site/content/security-reports.adoc b/src/site/content/security-reports.adoc index 82e045742..5a923d999 100644 --- a/src/site/content/security-reports.adoc +++ b/src/site/content/security-reports.adoc @@ -28,6 +28,10 @@ A http://www.apache.org/security/committers.html[more detailed description of th == Apache Shiro Vulnerability Reports +=== link:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32532[CVE-2022-32532] + +Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. + === link:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41303[CVE-2021-41303] Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass.
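Review bot: The added CVE-2022-32532 paragraph names the affected component two different ways, "RegexRequestMatcher" in its first sentence and "RegExPatternMatcher" in its second. Please confirm whether these are the same class and use one spelling, or say how the two relate, so readers can search their configuration for the right name. The first sentence also reads as a fragment ("Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured ..."); something like "In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured ..." would fix the stray capital. The entry gives the affected range only by implication, so consider a closing sentence telling users to upgrade to 1.9.1 or later. Since the exposure is described as depending on `.` in the regular expression and on "some servlet containers", a short note on what to check in an existing pattern would help readers judge whether they are affected.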
