Cloud Foundry Routing vulnerabilities
5 known vulnerabilities affecting cloud_foundry/routing.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 3
Vulnerabilities
CVE-2023-34041 | MEDIUM | CVSS 5.3 | ≥ all, < 0.278.0 | 2023-09-08
Cloud Foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.
cvelistv5, nvd
CVE-2020-5420 | HIGH | CVSS 7.7 | CWE-754 | ≥ All, < 0.206.0 | 2020-09-03
Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters.
cvelistv5, nvd
CVE-2020-5416 | MEDIUM | CVSS 6.5 | CWE-404 | ≥ All, < 0.204.0 | 2020-08-21
Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend poo
cvelistv5, nvd
CVE-2020-5401 | MEDIUM | CVSS 5.3 | CWE-393 | ≥ unspecified, < 0.197.0 | 2020-02-27
Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.
cvelistv5, nvd
CVE-2019-11289 | HIGH | CVSS 8.6 | CWE-20 | ≥ All, < 0.193.0 | 2019-11-19
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.
cvelistv5, nvd