VYPR

Armeria

by Linecorp

Source repositories

CVEs (5)

  • CVE-2023-44487HigKEVOct 10, 2023
    risk 0.65cvss 7.5epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2026-11752Jun 18, 2026
    risk 0.00cvss epss 0.00

    ## External Control of File Name or Path in xDS SDS DataSource ### Summary `DataSourceStream` in the `:xds` module resolves control-plane-supplied `filename` and `environment_variable` fields from SDS Secret resources without any allow-list or base-directory confinement. A…

  • CVE-2023-38493Jul 25, 2023
    risk 0.00cvss epss 0.01

    Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might…

  • CVE-2021-43795Dec 2, 2021
    risk 0.00cvss epss 0.02

    Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing…

  • CVE-2019-16771Dec 6, 2019
    risk 0.00cvss epss 0.01

    Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has…