CVE-2022-32532: Authentication Bypass Vulnerability

Vendor: Apache Software Foundation
Product: Apache Shiro
Weakness: CWE-863 (Incorrect authorization)
Published: June 28, 2022
Last update: August 3, 2024

What the vulnerability does

01 Description

In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured in a way that allows it to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

Key dates

02 Disclosure timeline

June 28, 2022: CVE published
August 3, 2024: Record updated