Vulnerabilities (CVE)

Filtered by vendor Cloudfoundry Subscribe

Filtered by product Routing-release

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-1221	1 Cloudfoundry	2 Cf-deployment, Routing-release	2021-05-27	5.5 MEDIUM	8.1 HIGH
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service.
CVE-2019-11289	1 Cloudfoundry	2 Cf-deployment, Routing-release	2020-01-03	7.8 HIGH	8.6 HIGH
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.