{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T23:17:17.349","vulnerabilities":[{"cve":{"id":"CVE-2019-16771","sourceIdentifier":"security-advisories@github.com","published":"2019-12-06T19:15:10.787","lastModified":"2024-11-21T04:31:09.460","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking."},{"lang":"es","value":"Las versiones 0.85.0 hasta la 0.96.0 incluyéndola de Armeria,  son vulnerables a una división de la respuesta HTTP, lo que permite a atacantes remotos inyectar encabezados HTTP arbitrarios por medio de secuencias CRLF cuando datos no saneados son usados para llenar los encabezados de una respuesta HTTP. Esta vulnerabilidad ha sido parcheada en la versión 0.97.0. Impactos potenciales de esta vulnerabilidad incluyen la desfiguración de usuarios cruzados, el envenenamiento de la caché, un ataque de tipo Cross-site scripting (XSS) y el secuestro de páginas."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-113"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*","versionStartIncluding":"0.85.0","versionEndExcluding":"0.97.0","matchCriteriaId":"7BB9CCDB-7459-4457-878A-371BFCA21B38"}]}]}],"references":[{"url":"https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}