Linecorp Armeria 1.7.0

CPE Details

Linecorp Armeria 1.7.0
linecorp
armeria
1.7.0
2023-08-02
12h11 +00:00
2023-08-03
00h25 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:linecorp:armeria:1.7.0:*:*:*:*:*:*:*

Informations

Vendor

linecorp

Product

armeria

Version

1.7.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-44487 2023-10-10 00h00 +00:00 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
High
CVE-2023-38493 2023-07-25 20h51 +00:00 Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue.
7.5
High
CVE-2021-43795 2021-12-02 17h00 +00:00 Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Armeria's path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles `%2F` properly. This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path.
7.5
High