VYPR

Routing Release

by Cloudfoundry

CVEs (11)

  • CVE-2016-8218 | Cri | Jun 13, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an…

  • CVE-2017-8034 | Med | Jul 17, 2017
    risk 0.43 | cvss 6.6 | epss 0.01

    The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA…

  • CVE-2017-8047 | Med | Oct 4, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a…

  • CVE-2018-1193 | Med | May 23, 2018
    risk 0.35 | cvss 5.3 | epss 0.01

    Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.

  • CVE-2026-22726 | Med | May 1, 2026
    risk 0.33 | cvss 5.0 | epss 0.00

    Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloud Foundry could configure a route-service that would allow it to send requests to HTTP services on…

  • CVE-2024-22279 | Jun 10, 2024
    risk 0.00 | cvss | epss 0.00

    Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale.

  • CVE-2023-34061 | Jan 12, 2024
    risk 0.00 | cvss | epss 0.01

    Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DoS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.

  • CVE-2023-34041 | Sep 8, 2023
    risk 0.00 | cvss | epss 0.00

    Cloud Foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.

  • CVE-2023-20882 | May 26, 2023
    risk 0.00 | cvss | epss 0.01

    In Cloud Foundry routing release versions from 0.262.0 and prior to 0.266.0, a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the…

  • CVE-2020-5401 | Feb 27, 2020
    risk 0.00 | cvss | epss 0.01

    Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.

  • CVE-2019-3789 | Apr 24, 2019
    risk 0.00 | cvss | epss 0.01

    Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route…