-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaJava| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.linecorp.armeria:armeria | maven | <= 1.24.2 | 1.24.3 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from how matrix variables were handled in request paths. The key functions are DefaultRequestTarget.forServer (which processes incoming paths) and RequestTarget.path (which returns the path for matching). Before the patch, these functions did not strip matrix variables from the path used for decorator matching. The commit adds matrix variable removal logic in DefaultRequestTarget and introduces RequestTarget.maybePathWithMatrixVariables to handle Spring's requirements, while ensuring decorators see the normalized path. The vulnerable versions lacked this sanitization, allowing path-based decorators to be bypassed via matrix variable injection.
Ongoing coverage of React2Shell