com.linecorp.armeria:armeria@0.5.1.Final vulnerabilities

  • latest version

    1.31.3

  • latest non vulnerable version

  • first published

    9 years ago

  • latest version published

    1 month ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the com.linecorp.armeria:armeria package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Incorrect Authorization

    com.linecorp.armeria:armeria is an asynchronous HTTP/2 RPC/REST client/server library built on top of Java 8, Netty, Thrift and gRPC (armeria)

    Affected versions of this package are vulnerable to Incorrect Authorization. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with a path that may contain matrix variables. Because of the matrix variables, the Armeria decorators might not be invoked, so a specially crafted request from an attacker may bypass the authorizer.

    How to fix Incorrect Authorization?

    Upgrade com.linecorp.armeria:armeria to version 1.24.3 or higher.

    Vulnerable versions: [,1.24.3)
    • H
    Directory Traversal

    com.linecorp.armeria:armeria is an asynchronous HTTP/2 RPC/REST client/server library built on top of Java 8, Netty, Thrift and gRPC (armeria)

    Affected versions of this package are vulnerable to Directory Traversal. An attacker can trigger it by sending an HTTP request whose path contains %2F (encoded /), such as /files/..%2Fsecrets.txt.

    How to fix Directory Traversal?

    Upgrade com.linecorp.armeria:armeria to version 1.12.0 or higher.

    Vulnerable versions: [,1.12.0)