shiro-core is vulnerable to authorization bypass. The vulnerability exists due to the case-insensitive regex pattern matching used in the `matches` function of `RegExPatternMatcher.java`, allowing an attacker to bypass the servlet container when `RegExPatternMatcher` is used with `.` in the regular expression.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | apache shiro :: core | le | 1.9.0 |
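
To check a build against the affected range in the table above, the following added example (not part of the advisory or of Apache Shiro) scans `mvn dependency:list` style output for `shiro-core` at or below 1.9.0. The Maven coordinates `org.apache.shiro:shiro-core` and the sample listing are assumptions made for the example; the listing is constructed.

```python
import re

# Affected range taken from the table on this page: shiro-core <= 1.9.0.
AFFECTED_MAX = (1, 9, 0)
# Maven coordinates of the affected artifact (assumed for this example).
TARGET = ("org.apache.shiro", "shiro-core")

# Constructed sample in the shape of `mvn dependency:list` output.
SAMPLE = """\
[INFO] +- org.apache.shiro:shiro-core:jar:1.8.0:compile
[INFO] +- org.apache.shiro:shiro-web:jar:1.8.0:compile
[INFO] +- org.apache.shiro:shiro-core:jar:1.10.0:compile
[INFO] +- org.apache.shiro:shiro-core:jar:1.9.0:runtime
[INFO] +- org.apache.shiro:shiro-core:jar:1.9.1:compile
""".splitlines()


def numeric_version(version):
    """Leading numeric components of a version, padded to three places.

    '1.10.0' -> (1, 10, 0); '1.9.0-SNAPSHOT' -> (1, 9, 0); '1.9' -> (1, 9, 0).
    """
    nums = []
    for part in re.split(r"[.\-]", version):
        if not part.isdigit():
            break  # stop at the first qualifier such as SNAPSHOT or alpha
        nums.append(int(part))
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(version):
    # Compared numerically, so 1.10.0 is not mistaken for something below 1.9.0.
    # Qualified builds of 1.9.0 and unparsable versions are flagged for review.
    return numeric_version(version) <= AFFECTED_MAX


def affected_shiro(dependency_lines):
    """Return the shiro-core versions in the listing that fall in the range."""
    hits = []
    for line in dependency_lines:
        # group:artifact:type[:classifier]:version:scope
        m = re.search(r"[\w.\-]+(?::[\w.\-]+){4,5}", line)
        if not m:
            continue
        parts = m.group(0).split(":")
        if (parts[0], parts[1]) == TARGET and is_affected(parts[-2]):
            hits.append(parts[-2])
    return hits
```
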