CVE-2023-38493

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 25, 2023
Updated: Aug 3, 2023
CWE ID 863

Summary

CVE-2023-38493 is a high-severity vulnerability that affects the Armeria microservice framework. The vulnerability arises when Spring integration is used, and Armeria calls Spring controllers with paths containing matrix variables. Versions prior to 1.24.3 may not invoke the Armeria decorators due to these matrix variables, potentially allowing an attacker to bypass the authorizer by sending a specially crafted request. The issue has been patched in version 1.24.3. This vulnerability poses a high danger to organizations as it can lead to unauthorized access and compromise of sensitive information.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-38493 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options