CVE-2023-38493 (High) detected in armeria-1.22.1.jar, armeria-1.15.0.jar #3069
CVE-2023-38493 - High Severity Vulnerability
Vulnerable Libraries - armeria-1.22.1.jar, armeria-1.15.0.jar
armeria-1.22.1.jar
Asynchronous HTTP/2 RPC/REST client/server library built on top of Java 8, Netty, Thrift and gRPC (armeria)
Library home page: https://armeria.dev/
Path to dependency file: /data-prepper-plugins/otel-logs-source/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.22.1/9e34f008f55d4095f01f00ac90edf05e8c9f711a/armeria-1.22.1.jar
Dependency Hierarchy:
armeria-1.15.0.jar
Asynchronous HTTP/2 RPC/REST client/server library built on top of Java 8, Netty, Thrift and gRPC (armeria)
Library home page: https://armeria.dev/
Path to dependency file: /data-prepper-plugins/otel-logs-source/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.linecorp.armeria/armeria/1.15.0/6c26d009aa047e14edb8b99926772d441ab75cf0/armeria-1.15.0.jar
Dependency Hierarchy:
Found in HEAD commit: 90bdaa7e7833bdd504c817e49d4434b4d8880f56
Found in base branch: main
Vulnerability Details
Armeria is a microservice framework. Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not be invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue.
Publish Date: 2023-07-25
URL: CVE-2023-38493
CVSS 3 Score Details (7.5)
Base Score Metrics: