[jira] [Resolved] (AMQ-9003) CVE-2022-32532 | CVSS 9.80 | org.apache.shiro_shiro-core

Jira Tue, 19 Jul 2022 01:18:06 -0700


     [ 
https://issues.apache.org/jira/browse/AMQ-9003?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jean-Baptiste Onofré resolved AMQ-9003.
---------------------------------------
    Fix Version/s: 5.17.2
         Assignee: Jean-Baptiste Onofré
       Resolution: Duplicate

> CVE-2022-32532 | CVSS 9.80 | org.apache.shiro_shiro-core
> --------------------------------------------------------
>
>                 Key: AMQ-9003
>                 URL: https://issues.apache.org/jira/browse/AMQ-9003
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.17.1
>            Reporter: Atmadeep Sen
>            Assignee: Jean-Baptiste Onofré
>            Priority: Critical
>             Fix For: 5.17.2
>
>
> CVE-2022-32532
> Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be 
> bypassed on some servlet containers. Applications using RegExPatternMatcher 
> with `.` in the regular expression are possibly vulnerable to an 
> authorization bypass.
> fixed in 1.9.1
> The latest version of AMQ 5.17.1 still is using 1.9.0 and we are waiting for 
> the fix in the next release. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (AMQ-9003) CVE-2022-32532 | CVSS 9.80 | org.apache.shiro_shiro-core

Reply via email to