Jetty · Jetty · CVE-2023-38493
**Name of the Vulnerable Software and Affected Versions**
Armeria versions prior to 1.24.3
**Description**
The issue arises when Armeria's Spring integration is used and the framework calls Spring controllers via `TomcatService` or `JettyService` with paths that contain matrix variables. In such cases, the Armeria decorators may not be invoked because of the matrix variables, potentially allowing an attacker to bypass the authorizer by sending a specially crafted request. For example, a request to `/important;a=b/resources` could bypass the authorizer.
**Recommendations**
For versions prior to 1.24.3, update to version 1.24.3 to resolve the issue.
As a temporary workaround, consider adding the decorators with a regex path pattern, such as `regex:^/important.*`, to ensure that the authorizer is invoked correctly.
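The following is an added example, not code from the advisory or from Armeria, that audits request paths (for instance, taken from access logs) for the mismatch described above and checks that the workaround pattern covers them. It assumes a hypothetical authorizer attached with a plain prefix test on `/important/` and models the backend as dropping matrix variables from each path segment; the function names and sample paths are constructed for illustration.

```python
import re

# Assumption: the authorizer decorator is bound with a plain prefix test.
PROTECTED_PREFIX = "/important/"
# Regex taken from the advisory's workaround ("regex:^/important.*").
WORKAROUND = re.compile(r"^/important.*")


def strip_matrix_variables(path):
    """Drop ';name=value' parameters from every segment, giving the path
    a matrix-variable-aware controller mapping would resolve."""
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))


def prefix_guarded(path):
    """Simplified model of a prefix-bound decorator seeing the raw path."""
    return path.startswith(PROTECTED_PREFIX)


def classify(request_target):
    raw = request_target.split("?", 1)[0]      # ignore the query string
    effective = strip_matrix_variables(raw)
    return {
        "path": request_target,
        "effective": effective,
        "prefix_guarded": prefix_guarded(raw),
        "regex_guarded": bool(WORKAROUND.match(raw)),
        # Controller resolves a protected path, but the decorator saw a
        # raw path that does not match its prefix.
        "mismatch": prefix_guarded(effective) and not prefix_guarded(raw),
    }


def find_mismatches(request_targets):
    return [c for c in map(classify, request_targets) if c["mismatch"]]


# Constructed sample request targets.
SAMPLE_PATHS = [
    "/important/resources",
    "/important;a=b/resources",
    "/public;a=b/index",
    "/important/resources;v=1?x=1",
]

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_PATHS):
        print(hit)
```

The workaround regex also matches sibling paths such as `/important-other`, so the authorizer will run for those as well.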