Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-38493

Published: 25/07/2023 Updated: 03/08/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Linecorp

Vulnerability Summary

Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue.

Vulnerable Product Search on Vulmon Subscribe to Product

linecorp armeria

References

NVD-CWE-noinfohttps://github.com/line/armeria/security/advisories/GHSA-wvp2-9ppw-337jhttps://github.com/line/armeria/commit/039db50bbfc88014ea8737fd1e1ddd6fd3fc4f07https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-controller/ann-methods/matrix-variables.htmlhttps://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook