Armeria is an open source library for building asynchronous microservers that use HTTP/2 as the session layer protocol.Armeria is vulnerable to a path traversal vulnerability that stems from a flaw in the software’s path validation logic. An attacker could send an HTTP request with a path containing / (encoded as /), such as /files/… /secrets.txt to access the local file system of the Armeria server outside of its restricted directory, bypassing Armeria’s path validation logic.