PT-2022-21353 · Apache · Apache Shiro

4Ra1N · Published 2022-06-28 · Updated 2022-07-08 · CVE-2022-32532

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.9.1

Description: The issue concerns a potential misconfiguration of RegexRequestMatcher in certain servlet containers, which can lead to an authorization bypass. It affects applications that use RegExPatternMatcher with a regular expression containing the dot (.) character.

Recommendations: For versions prior to 1.9.1, update to version 1.9.1 or later to resolve the issue. As a temporary workaround, review and adjust the configuration of RegexRequestMatcher to prevent potential bypasses, especially in applications whose RegExPatternMatcher patterns contain a dot (.).

Exploit · Fix

Weakness Enumeration

Incorrect Authorization
Improper Authorization

Related Identifiers

CVE-2022-32532
GHSA-4CF5-XMHP-3XJ7

Affected Products

Apache Shiro
Debian