VYPR

Maven package

com.linecorp.armeria/armeria

pkg:maven/com.linecorp.armeria/armeria

Vulnerabilities (3)

  • CVE-2023-38493Jul 25, 2023
    affected < 1.24.3fixed 1.24.3

    Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not

  • CVE-2021-43795Dec 2, 2021
    affected >= 1.12.0, < 1.13.4fixed 1.13.4

    Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Arm

  • CVE-2019-16771Dec 6, 2019
    affected >= 0.50.0, < 0.97.0fixed 0.97.0

    Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has b