漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in com.linecorp.armeria:armeria
Vulnerability Description
Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Armeria's path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles `%2F` properly. This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Armeria 路径遍历漏洞
Vulnerability Description
Armeria是一款用于构建使用HTTP/2作为会话层协议的异步微服务器的开源库。 Armeria 存在路径遍历漏洞,该漏洞源于软件的路径验证逻辑存在问题。攻击者可以通过发送路径包含%2F(编码为/)的 HTTP 请求,例如/files/..%2Fsecrets.txt,访问其受限目录之外的 Armeria 服务器的本地文件系统, 绕过 Armeria 的路径验证逻辑。
CVSS Information
N/A
Vulnerability Type
N/A