GHSA-8fp4-rp6c-5gcv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8fp4-rp6c-5gcv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-8fp4-rp6c-5gcv/GHSA-8fp4-rp6c-5gcv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8fp4-rp6c-5gcv
- Aliases
- Related
- Published
- 2021-12-02T22:25:54Z
- Modified
- 2023-11-08T04:07:12.560417Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Path Traversal in com.linecorp.armeria:armeria
- Details
-
Impact
An attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains
%2F(encoded/), such as/files/..%2Fsecrets.txt, bypassing Armeria's path validation logic.Patches
Armeria 1.13.4 or above contains the hardened path validation logic that handles
%2Fproperly.Workarounds
This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path, e.g.
Server .builder() .serviceUnder( "/files", FileService .of(...) .decorate((delegate, ctx, req) -> { String path = req.headers().path(); if (path.contains("%2f") || path.contains("%2F")) { return HttpResponse.of(HttpStatus.BAD_REQUEST); } return delegate.serve(ctx, req); }) ) .build()For more information
If you have any questions or comments about this advisory: * Open an issue in line/armeria * Chat with us at Slack
Credits
This vulnerability was originally reported by Abdallah Zaher (elcayser-0x0a).
- Database specific
{ "cwe_ids": [ "CWE-22" ], "github_reviewed": true, "github_reviewed_at": "2021-12-02T21:28:29Z", "nvd_published_at": "2021-12-02T18:15:00Z", "severity": "HIGH" }- References
Affected packages
Maven / com.linecorp.armeria:armeria
Package
- Name
- com.linecorp.armeria:armeria
- View open source insights on deps.dev
- Purl
- pkg:maven/com.linecorp.armeria/armeria