Maven package
com.linecorp.armeria/armeria
pkg:maven/com.linecorp.armeria/armeria
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-38493 | — | < 1.24.3 | 1.24.3 | Jul 25, 2023 | Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not | ||
| CVE-2021-43795 | — | >= 1.12.0, < 1.13.4 | 1.13.4 | Dec 2, 2021 | Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Arm | ||
| CVE-2019-16771 | — | >= 0.50.0, < 0.97.0 | 0.97.0 | Dec 6, 2019 | Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has b |
- CVE-2023-38493Jul 25, 2023affected < 1.24.3fixed 1.24.3
Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not
- CVE-2021-43795Dec 2, 2021affected >= 1.12.0, < 1.13.4fixed 1.13.4
Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Arm
- CVE-2019-16771Dec 6, 2019affected >= 0.50.0, < 0.97.0fixed 0.97.0
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has b