漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Paths contain matrix variables bypass decorators
Vulnerability Description
Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
Armeria 安全漏洞
Vulnerability Description
Armeria是一款用于构建使用HTTP/2作为会话层协议的异步微服务器的开源库。 Armeria 1.24.3之前版本存在安全漏洞,该漏洞源于允许使用包含矩阵变量的JettyService路径绕过Armeria 装饰器。
CVSS Information
N/A
Vulnerability Type
N/A