Incorrect Authorization Affecting shiro package, versions *
Threat Intelligence
EPSS: 3.95% (93rd percentile)
- Snyk ID SNYK-DEBIAN9-SHIRO-2936911
- published 29 Jun 2022
- disclosed 29 Jun 2022
Introduced: 29 Jun 2022
CVE-2022-32532
How to fix?
There is no fixed version for Debian:9 shiro.
NVD Description
Note: Versions mentioned in the description apply only to the upstream shiro package and not the shiro package as distributed by Debian.
See How to fix? for Debian:9 relevant fixed versions and status.
In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
CVSS Scores
version 3.1