com.linecorp.armeria:armeria@1.16.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.linecorp.armeria:armeria package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability (severity) and vulnerable version:

  • [H] Incorrect Authorization

com.linecorp.armeria:armeria is an asynchronous HTTP/2 RPC/REST client/server library built on top of Java 8, Netty, Thrift and gRPC (armeria)

Affected versions of this package are vulnerable to Incorrect Authorization. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with a path that may contain matrix variables. Because of the matrix variables, the Armeria decorators might not be invoked, so a specially crafted request may bypass the authorizer.

How to fix Incorrect Authorization?

Upgrade com.linecorp.armeria:armeria to version 1.24.3 or higher.

Vulnerable versions: [,1.24.3)