Linecorp Armeria
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Linecorp Armeria.
By the Year
In 2026 there have been 0 vulnerabilities in Linecorp Armeria. Armeria did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 0.00 |
| 2023 | 2 | 7.50 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 7.50 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 6.50 |
It may take a day or so for new Armeria vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Linecorp Armeria Security Vulnerabilities
armeria-saml <1.27.2 Auth Bypass via Malicious SAML Messages
CVE-2024-1735
- February 26, 2024
A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.
HTTP/2 DoS via Stream Reset in nginx
CVE-2023-44487
7.5 - High
- October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion
Armeria <1.24.3 Matrix Var Auth Bypass
CVE-2023-38493
7.5 - High
- July 25, 2023
Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue.
Armeria is an open source microservice framework
CVE-2021-43795
7.5 - High
- December 02, 2021
Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Armeria's path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles `%2F` properly. This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path.
Directory traversal
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which
CVE-2019-16771
6.5 - Medium
- December 06, 2019
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking.
Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Linecorp Armeria or by Linecorp? Click the Watch button to subscribe.
