Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with . in the regular expression are possibly vulnerable to an authorization bypass.
.
{ "versions": [ { "introduced": "0" }, { "fixed": "1.9.1" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32532.json"