CVE-2026-11752

A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction, allowing a compromised or semi-trusted xDS control plane to read arbitrary local...

CVE-2026-11752

A vulnerability has been identified in armeria-xds versions 1.38.0 through 1.39.0, where DataSourceStream in the xDS module can resolve control-plane-supplied filenames and environment variables without restriction, allowing a compromised or semi-trusted xDS control plane to read arbitrary local...

CVE-2026-11752

Armeria-xds versions 1.38.0–1.39.0 contain a vulnerability in DataSourceStream where control-plane-supplied filenames and environment_variable fields from SDS secrets are resolved without any allow-list or base-directory confinement. A semi-trusted or compromised xDS control plane (or an attacker...

CVE-2019-16771

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in...

EUVD-2019-0769

Malware in sbrugna...

EUVD-2021-2484

Malware in sbrugna...

EUVD-2023-2171

Malicious code in bioql PyPI...

EUVD-2024-0511

Malicious code in bioql PyPI...

CVE-2023-38493

Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of t...

CVE-2024-1735

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later...

GHSA-HX5Q-V6PJ-533R SAML authentication bypass due to missing validation on unsigned SAML messages

Impact When SAML is used as the authentication mechanism, Central Dogma accepts unsigned SAML messages assertions, logout requests, etc. as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an...

SAML authentication bypass due to missing validation on unsigned SAML messages

Impact When SAML is used as the authentication mechanism, Central Dogma accepts unsigned SAML messages assertions, logout requests, etc. as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an...

com.linecorp.centraldogma:centraldogma-server-auth-saml (>=0.33.0 <=0.64.2) potentially affected by CVE-2024-1735 via com.linecorp.armeria:armeria-saml (>=0.76.2 <=1.27.1)

com.linecorp.armeria:armeria-saml MAVEN version =0.76.2, =0.33.0, =0.64.2 Source cves: CVE-2024-1735 Source advisory: OSV:GHSA-4M6J-23P2-8C54...

GHSA-4M6J-23P2-8C54 Armeria SAML authentication bypass due to missing validation on unsigned SAML messages

Impact The SAML implementation provided by armeria-saml currently accepts unsigned SAML messages assertions, logout requests, etc. as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsign...

Armeria SAML authentication bypass due to missing validation on unsigned SAML messages

Impact The SAML implementation provided by armeria-saml currently accepts unsigned SAML messages assertions, logout requests, etc. as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsign...

CVE-2024-1735

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later...

CVE-2024-1735

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later...

CVE-2024-1735

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later...

CVE-2024-1735

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later...

CVE-2024-1735

CVE-2024-1735 affects armeria-saml prior to 1.27.2, where the SAML message handling allows bypass of authentication due to improper validation of unsigned messages. Impact: authentication bypass when processing specially crafted or unsigned SAML messages. The issue has been fixed in Armeria on ve...