
54 matches found

RedhatCVE
added 2026/01/07 9:15 a.m. · 3 views

CVE-2019-16771

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in...

6.5 CVSS · 6.6 AI score · 0.00416 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-2484

Malware in sbrugna...

7.5 CVSS · 7.5 AI score · 0.00754 EPSS
Exploits 0 · References 6
EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2019-0769

Malware in sbrugna...

6.5 CVSS · 6.4 AI score · 0.00416 EPSS
Exploits 0 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-0511

Malicious code in bioql PyPI...

9.1 CVSS · 9.1 AI score · 0.00309 EPSS
Exploits 0 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-2171

Malicious code in bioql PyPI...

7.5 CVSS · 7.7 AI score · 0.00198 EPSS
Exploits 0 · References 6
RedhatCVE
added 2025/05/23 4:8 a.m. · 4 views

CVE-2023-38493

Armeria is a microservice framework. Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not be invoked because of t...

7.5 CVSS · 6.8 AI score · 0.00198 EPSS
Exploits 0
RedhatCVE
added 2025/02/05 5:17 a.m. · 4 views

CVE-2024-1735

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later...

9.1 CVSS · 6.8 AI score · 0.00309 EPSS
Exploits 0 · References 1
Github Security Blog
added 2024/02/26 8:4 p.m. · 8 views

SAML authentication bypass due to missing validation on unsigned SAML messages

Impact: When SAML is used as the authentication mechanism, Central Dogma accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an...

7.2 AI score
Exploits 0 · References 6 · Affected Software 1
OSV
added 2024/02/26 8:4 p.m. · 8 views

GHSA-HX5Q-V6PJ-533R SAML authentication bypass due to missing validation on unsigned SAML messages

Impact: When SAML is used as the authentication mechanism, Central Dogma accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an...

9.1 CVSS · 7.2 AI score
Exploits 0 · References 6
Github Security Blog
added 2024/02/26 8:4 p.m. · 24 views

Armeria SAML authentication bypass due to missing validation on unsigned SAML messages

Impact: The SAML implementation provided by armeria-saml currently accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsign...

9.1 CVSS · 6.8 AI score · 0.00309 EPSS
Exploits 0 · References 6 · Affected Software 1
OSV
added 2024/02/26 8:4 p.m. · 2 views

GHSA-4M6J-23P2-8C54 Armeria SAML authentication bypass due to missing validation on unsigned SAML messages

Impact: The SAML implementation provided by armeria-saml currently accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsign...

9.1 CVSS · 5.8 AI score · 0.00309 EPSS
Exploits 0 · References 6
NVD
added 2024/02/26 4:27 p.m. · 13 views

CVE-2024-1735

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later...

9.1 CVSS · 9.2 AI score · 0.00309 EPSS
Exploits 0 · References 1
OSV
added 2024/02/26 4:27 p.m. · 4 views

CVE-2024-1735

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later...

9.1 CVSS · 9.1 AI score
Exploits 0 · References 1
Vulnrichment
added 2024/02/26 7:25 a.m. · 17 views

CVE-2024-1735

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later...

9.1 CVSS · 6.7 AI score · 0.00309 EPSS
Exploits 0 · References 1
Cvelist
added 2024/02/26 7:25 a.m. · 17 views

CVE-2024-1735

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later...

9.1 CVSS · 9.4 AI score · 0.00309 EPSS
Exploits 0 · References 1
CVE
added 2024/02/26 7:25 a.m. · 109 views

CVE-2024-1735

CVE-2024-1735 affects armeria-saml prior to 1.27.2, where the SAML message handling allows bypass of authentication due to improper validation of unsigned messages. Impact: authentication bypass when processing specially crafted or unsigned SAML messages. The issue has been fixed in Armeria on ve...

9.1 CVSS · 9.2 AI score · 0.00309 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/02/26 12:0 a.m. · 1 views

PT-2024-40337 · Armeria +1

Name of the Vulnerable Software and Affected Versions: Central Dogma versions prior to 0.64.3
Description: The issue arises when SAML is used for authentication, as Central Dogma accepts unsigned SAML messages by default, instead of rejecting them. This allows an attacker to forge SAML messages f...

9.1 CVSS · 7.4 AI score
Exploits 0 · References 7
CNNVD
added 2024/02/26 12:0 a.m. · 2 views

Armeria Security Breach

Armeria is an open source library for building asynchronous microservers that use HTTP/2 as the session layer protocol. A security vulnerability exists in versions of Armeria prior to 1.27.2 that stems from allowing authentication to be bypassed using malicious SAML messages...

9.1 CVSS · 7 AI score · 0.00309 EPSS
Exploits 0 · References 3
Spring Engineering
added 2023/08/29 12:0 a.m. · 12 views

This Week in Spring - August 29th, 2023 - the post SpringOne recovery blog

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm exhausted. Seriously. Last week was mental. If you need me, I'll be over sipping on a tea... But, before that, there's a ton of things to cover from this last week, as always, and there's no rest for the curious, so let's...

6.7 AI score
Exploits 0
Veracode
added 2023/07/27 2:57 a.m. · 11 views

Authorization Bypass

armeria is vulnerable to Authorization Bypass. The vulnerability exists because the library does not properly remove matrix variables from the path on the server side when the library calls the spring controller via TomcatService or JettyService, which allows an attacker to bypass the authorization mechanism b...

7.5 CVSS · 6.8 AI score · 0.00198 EPSS
Exploits 0 · References 4 · Affected Software 4