[jira] [Commented] (AMQ-9003) CVE-2022-32532 | CVSS 9.80 | org.apache.shiro_shiro-core

Jira Tue, 19 Jul 2022 01:18:06 -0700


    [ 
https://issues.apache.org/jira/browse/AMQ-9003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17568412#comment-17568412
 ]


Jean-Baptiste Onofré commented on AMQ-9003:
-------------------------------------------

https://github.com/apache/activemq/pull/858

> CVE-2022-32532 | CVSS 9.80 | org.apache.shiro_shiro-core
> --------------------------------------------------------
>
>                 Key: AMQ-9003
>                 URL: https://issues.apache.org/jira/browse/AMQ-9003
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.17.1
>            Reporter: Atmadeep Sen
>            Priority: Critical
>
> CVE-2022-32532
> Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be 
> bypassed on some servlet containers. Applications using RegExPatternMatcher 
> with `.` in the regular expression are possibly vulnerable to an 
> authorization bypass.
> fixed in 1.9.1
> The latest version of AMQ 5.17.1 still is using 1.9.0 and we are waiting for 
> the fix in the next release. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (AMQ-9003) CVE-2022-32532 | CVSS 9.80 | org.apache.shiro_shiro-core

Reply via email to