Description
Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Remediation
References
https://lists.apache.org/thread/y8260dw8vbm99oq7zv6y3mzn5ovk90xh
Related Vulnerabilities
CVE-2023-50771 Vulnerability in maven package org.jenkins-ci.plugins:oic-auth
CVE-2022-26112 Vulnerability in maven package org.apache.pinot:pinot-controller
CVE-2022-23974 Vulnerability in maven package org.apache.pinot:pinot
CVE-2023-28684 Vulnerability in maven package com.sap.jenkinsci:remote-jobs-view-plugin