CVE-2022-32532

Опубликовано: 29 июн. 2022

Источник: ubuntu

Приоритет: medium

CVSS2: 7.5

CVSS3: 9.8

Описание

Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with . in the regular expression are possibly vulnerable to an authorization bypass.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	needs-triage
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
focal	ignored	end of standard support, was needs-triage
impish	ignored	end of life
jammy	needs-triage

Показывать по

Ссылки на источники

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2022-32532

CVSS3: 8.1

redhat

больше 3 лет назад

Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

CVE-2022-32532

CVSS3: 9.8

nvd

больше 3 лет назад

CVE-2022-32532

CVSS3: 9.8

debian

больше 3 лет назад

Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured ...

GHSA-4cf5-xmhp-3xj7

CVSS3: 9.8

github

больше 3 лет назад

Improper Authorization in Apache Shiro

7.5 High

CVSS2

9.8 Critical

CVSS3

CVE-2022-32532

Описание

Пакет shiro

Ссылки на источники

Связанные уязвимости