Trustin Lee

3 exploits Active since Jul 2014
CVE-2014-3488 WRITEUP WRITEUP
Netty < 3.9.2 - Denial of Service via SSLv2Hello Message
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
CVE-2019-16771 WRITEUP MEDIUM WRITEUP
Armeria 0.85.0-0.96.0 - HTTP Response Splitting via CRLF Injection
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking.
CVSS 4.8
CVE-2021-43795 WRITEUP HIGH WRITEUP
Armeria < 1.13.4 - Path Traversal via URL-Encoded Forward Slash Bypass
Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Armeria's path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles `%2F` properly. This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path.
CVSS 7.5