Ankush Mittal created GEODE-10443:
-------------------------------------

             Summary: Update shiro-core to version 1.11.0 for CVE-2022-40664
                 Key: GEODE-10443
                 URL: https://issues.apache.org/jira/browse/GEODE-10443
             Project: Geode
          Issue Type: Bug
    Affects Versions: 1.15.1
            Reporter: Ankush Mittal

As per [https://nvd.nist.gov/vuln/detail/CVE-2022-40664], _"Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher."_

Geode 1.15.1 bundles version 1.9.1 of the shiro-core jar, which is vulnerable as per the CVE.

Also, although the CVE doesn't include "1.10.0", since the more recent version "1.11.0" is available, logged this ticket to bundle the same.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)