[jira] [Updated] (GEODE-10443) Update shiro-core to version 1.11.0 for CVE-2022-40664

2023-03-01 Thread Ankush Mittal (Jira)


[ https://issues.apache.org/jira/browse/GEODE-10443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ankush Mittal updated GEODE-10443:
--
Description: 
As per [https://nvd.nist.gov/vuln/detail/CVE-2022-40664],

_"Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when 
forwarding or including via RequestDispatcher."_

Geode 1.15.1 bundles version 1.9.1 of shiro-core jar which is vulnerable as per 
the CVE.

Also, although the CVE doesn't include "1.10.0", since a more recent version 
"1.11.0" is available, logged ticket to bundle the same.

  was:
As per [https://nvd.nist.gov/vuln/detail/CVE-2022-40664],

_"Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when 
forwarding or including via RequestDispatcher."_

Geode 1.15.1 bundles version 1.9.1 of shiro-core jar which is vulnerable as per 
the CVE.

Also, although the CVE doesn't include "1.10.0", since a more recent version 
"1.11.0" is available, logged ticket to bundle the same.


> Update shiro-core to version 1.11.0 for CVE-2022-40664
> --
>
> Key: GEODE-10443
> URL: https://issues.apache.org/jira/browse/GEODE-10443
> Project: Geode
> Issue Type: Bug
> Affects Versions: 1.15.1
> Reporter: Ankush Mittal
> Priority: Major
> Labels: needsTriage
>
> As per [https://nvd.nist.gov/vuln/detail/CVE-2022-40664],
> _"Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro 
> when forwarding or including via RequestDispatcher."_
> Geode 1.15.1 bundles version 1.9.1 of shiro-core jar which is vulnerable as 
> per the CVE.
> Also, although the CVE doesn't include "1.10.0", since a more recent version 
> "1.11.0" is available, logged ticket to bundle the same.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)


[jira] [Created] (GEODE-10443) Update shiro-core to version 1.11.0 for CVE-2022-40664

2023-03-01 Thread Ankush Mittal (Jira)
Ankush Mittal created GEODE-10443:
-

Summary: Update shiro-core to version 1.11.0 for CVE-2022-40664
Key: GEODE-10443
URL: https://issues.apache.org/jira/browse/GEODE-10443
Project: Geode
Issue Type: Bug
Affects Versions: 1.15.1
Reporter: Ankush Mittal


As per [https://nvd.nist.gov/vuln/detail/CVE-2022-40664],

_"Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when 
forwarding or including via RequestDispatcher."_

Geode 1.15.1 bundles version 1.9.1 of shiro-core jar which is vulnerable as per 
the CVE.

Also, although the CVE doesn't include "1.10.0", since a more recent version 
"1.11.0" is available, logged ticket to bundle the same.





[jira] [Updated] (GEODE-10443) Update shiro-core to version 1.11.0 for CVE-2022-40664

2023-03-01 Thread Alexander Murmann (Jira)


[ https://issues.apache.org/jira/browse/GEODE-10443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alexander Murmann updated GEODE-10443:
--
Labels: needsTriage  (was: )

> Update shiro-core to version 1.11.0 for CVE-2022-40664
> --
>
> Key: GEODE-10443
> URL: https://issues.apache.org/jira/browse/GEODE-10443
> Project: Geode
> Issue Type: Bug
> Affects Versions: 1.15.1
> Reporter: Ankush Mittal
> Priority: Major
> Labels: needsTriage
>
> As per [https://nvd.nist.gov/vuln/detail/CVE-2022-40664],
> _"Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro 
> when forwarding or including via RequestDispatcher."_
>
> Geode 1.15.1 bundles version 1.9.1 of shiro-core jar which is vulnerable as 
> per the CVE.
>
> Also, although the CVE doesn't include "1.10.0", since a more recent version 
> "1.11.0" is available, logged ticket to bundle the same.


