CVE-2024-1735
- EPSS 0.15%
- Published 26.02.2024 16:27:53
- Last modified 25.04.2025 18:13:45
A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.
CVE-2023-44487
- EPSS 94.44%
- Published 10.10.2023 14:15:10
- Last modified 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-38493
- EPSS 0.17%
- Published 25.07.2023 21:15:10
- Last modified 21.11.2024 08:13:41
Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, th...
- EPSS 0.75%
- Published 02.12.2021 18:15:08
- Last modified 21.11.2024 06:29:48
Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/.....
CVE-2019-16771
- EPSS 0.42%
- Published 06.12.2019 19:15:10
- Last modified 21.11.2024 04:31:09
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP resp...