CVE-2023-38493 (High) detected in armeria-1.22.1.jar, armeria-1.15.0.jar #3069
Assignees
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Milestone
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
dlvenable
added a commit
to dlvenable/data-prepper
that referenced
this issue
Sep 18, 2023
…gies which fix some dependencies to specific versions. Instead, use dependency version requirements which allow for using newer versions. Resolves opensearch-project#3069. Signed-off-by: David Venable <[email protected]>
dlvenable
added a commit
that referenced
this issue
Sep 20, 2023
Updates Armeria to 1.25.2. This also removes a Gradle resolution strategy which fixes some dependencies to specific versions. Instead, use a dependency version requirement which allows for using newer versions. Resolves #3069. Signed-off-by: David Venable <[email protected]>
opensearch-trigger-bot bot
pushed a commit
that referenced
this issue
Sep 20, 2023
Updates Armeria to 1.25.2. This also removes a Gradle resolution strategy which fixes some dependencies to specific versions. Instead, use a dependency version requirement which allows for using newer versions. Resolves #3069. Signed-off-by: David Venable <[email protected]> (cherry picked from commit a016b7a)
dlvenable
added a commit
that referenced
this issue
Sep 20, 2023
Updates Armeria to 1.25.2. This also removes a Gradle resolution strategy which fixes some dependencies to specific versions. Instead, use a dependency version requirement which allows for using newer versions. Resolves #3069. Signed-off-by: David Venable <[email protected]> (cherry picked from commit a016b7a) Co-authored-by: David Venable <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2023-38493 - High Severity Vulnerability
armeria-1.22.1.jar
Asynchronous HTTP/2 RPC/REST client/server library built on top of Java 8, Netty, Thrift and gRPC (armeria)
Library home page: https://armeria.dev/
Path to dependency file: /data-prepper-plugins/otel-logs-source/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar
Dependency Hierarchy:
armeria-1.15.0.jar
Asynchronous HTTP/2 RPC/REST client/server library built on top of Java 8, Netty, Thrift and gRPC (armeria)
Library home page: https://armeria.dev/
Path to dependency file: /data-prepper-plugins/otel-logs-source/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.15.0/6c26d009aa047e14edb8b99926772d441ab75cf0/armeria-1.15.0.jar
Dependency Hierarchy:
Found in HEAD commit: 90bdaa7e7833bdd504c817e49d4434b4d8880f56
Found in base branch: main
Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via
TomcatServiceorJettyServicewith the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue.Publish Date: 2023-07-25
URL: CVE-2023-38493
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.The text was updated successfully, but these errors were encountered: