Description
Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Remediation
References
https://lists.apache.org/thread/y8260dw8vbm99oq7zv6y3mzn5ovk90xh
Related Vulnerabilities
CVE-2023-45819 Vulnerability in maven package org.webjars.npm:tinymce
CVE-2023-30518 Vulnerability in maven package io.jenkins.plugins:thycotic-secret-server
CVE-2023-40338 Vulnerability in maven package org.jenkins-ci.plugins:cloudbees-folder
CVE-2023-39532 Vulnerability in npm package ses
CVE-2022-46685 Vulnerability in maven package org.jenkins-ci.plugins:gitea