Cloudfoundry Routing-release — known CVE vulnerabilities
Every CVE whose affected-product data names Cloudfoundry Routing-release, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2016-8218 — CVSS 9.8 (critical): An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231…
CVE-2019-11289 — CVSS 8.6 (high): Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could…
CVE-2018-1221 — CVSS 8.1 (high): In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS…
CVE-2017-8034 — CVSS 6.6 (medium): The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0…
CVE-2020-5416 — CVSS 6.5 (medium): Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the…
CVE-2020-15586 — CVSS 5.9 (medium): Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler…
CVE-2018-1193 — CVSS 5.3 (medium): Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can…
CVE-2023-34041 — CVSS 5.3 (medium): Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can…