Linecorp Armeria 1.20.3

CPE Details

Linecorp Armeria 1.20.3
linecorp
armeria
1.20.3
2023-08-02
12h11 +00:00
2023-08-03
00h25 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:linecorp:armeria:1.20.3:*:*:*:*:*:*:*

Informations

Vendor

linecorp

Product

armeria

Version

1.20.3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-44487 2023-10-10 00h00 +00:00 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
Haute
CVE-2023-38493 2023-07-25 20h51 +00:00 Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue.
7.5
Haute