VYPR

Routing (Gorouter)

by Cloudfoundry

CVEs (4)

  • CVE-2018-1221HigMar 19, 2018
    risk 0.53cvss 8.1epss 0.01

    In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal…

  • CVE-2016-0713MedAug 31, 2017
    risk 0.31cvss 4.7epss 0.01

    Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.

  • CVE-2020-5420Sep 3, 2020
    risk 0.00cvss epss 0.01

    Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters.

  • CVE-2020-5416Aug 21, 2020
    risk 0.00cvss epss 0.01

    Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP…