Description
Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Remediation
References
https://lists.apache.org/thread/y8260dw8vbm99oq7zv6y3mzn5ovk90xh
Related Vulnerabilities
CVE-2022-28154 Vulnerability in maven package org.jenkins-ci.plugins:covcomplplot
CVE-2020-12480 Vulnerability in maven package com.typesafe.play:play_2.11
CVE-2023-30867 Vulnerability in maven package org.apache.streampark:streampark
CVE-2021-27850 Vulnerability in maven package org.apache.tapestry:tapestry-core
CVE-2023-34238 Vulnerability in npm package gatsby-plugin-mdx