Description
Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Remediation
References
https://lists.apache.org/thread/y8260dw8vbm99oq7zv6y3mzn5ovk90xh
Related Vulnerabilities
CVE-2021-41561 Vulnerability in maven package org.apache.parquet:parquet
CVE-2020-2249 Vulnerability in maven package org.jenkins-ci.plugins:tfs
CVE-2018-17187 Vulnerability in maven package org.apache.qpid:proton-j
CVE-2020-12480 Vulnerability in maven package com.typesafe.play:play_2.11
CVE-2021-21290 Vulnerability in maven package io.netty:netty-common