Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters.
2020-09-03T01:15:10.857
2024-11-21T05:34:08.187
Modified
CVSSv3.1: 7.7 (HIGH)
AV:N/AC:L/Au:S/C:N/I:N/A:C
8.0
6.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | cloudfoundry | cf-deployment | < 13.15.0 | Yes |
Application | cloudfoundry | gorouter | < 0.206.0 | Yes |