CVE-2024-1735
- EPSS 0.15%
- Published 26.02.2024 16:27:53
- Last modified 25.04.2025 18:13:45
A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.
CVE-2023-44487
- EPSS 94.44%
- Published 10.10.2023 14:15:10
- Last modified 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-38493
- EPSS 0.17%
- Published 25.07.2023 21:15:10
- Last modified 21.11.2024 08:13:41
Armeria is a microservice framework. Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, th...
- EPSS 0.75%
- Published 02.12.2021 18:15:08
- Last modified 21.11.2024 06:29:48
Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/.....
CVE-2019-16771
- EPSS 0.42%
- Published 06.12.2019 19:15:10
- Last modified 21.11.2024 04:31:09
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP resp...