CVE-2019-11289
published 2019-11-19

Priority: P346, high, 8.6 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS: 1.51% (71.3th percentile)

Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.

Affected

5 ranges

Vendor                 Product                Version range                                 Fixed in
cloud_foundry          routing                >= All < 0.193.0                              0.193.0
cloudfoundry           cf-deployment          < 12.8.0                                      12.8.0
cloudfoundry           routing-release        < 0.193.0                                     0.193.0
code.cloudfoundry.org  gorouter               >= 0 < 0.0.0-20191101214924-b1b5c44e050f      0.0.0-20191101214924-b1b5c44e050f
github.com             cloudfoundry_gorouter  >= 0 < 0.0.0-20191101214924-b1b5c44e050f      0.0.0-20191101214924-b1b5c44e050f

CVSS provenance

nvd  v3.1  8.6  HIGH  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd  v3.0  8.6  HIGH  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd  v2.0  7.8  HIGH  AV:N/AC:L/Au:N/C:N/I:N/A:C