Cloud Foundry Diego vulnerabilities

CVE-2018-1265 [HIGH] CWE-434 CVE-2018-1265: Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar a Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. A remote attacker with CF admin privileges can upload a malicious buildpack that will allow a complete takeover of a Diego Cell VM and access to all apps running on that Diego Cell.

CVE-2016-3091 [HIGH] CWE-19 CVE-2016-3091: Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service. Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service.