CVE-2023-38493

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 25, 2023

Updated: Aug 3, 2023

CWE ID 863

Summary

CVE-2023-38493 is a vulnerability affecting the Armeria microservice framework supported by Spring. The issue arises when using Spring integration, where Armeria calls Spring controllers via TomcatService or JettyService. If the path contains matrix variables, the Armeria decorators may not be invoked, potentially allowing an attacker to bypass the authorization. This vulnerability was addressed in version 1.24.3 with a patch.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Linecorp Armeria

Affected Vendors

Linecorp

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sCSN9J
https://www.cve.org/CVERecord?id=CVE-2023-38493
https://nvd.nist.gov/vuln/detail/CVE-2023-38493

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners