Approved changes feed: RSS · Atom
cpe:2.3:a:cloud_foundry:routing:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Cloud Foundry (bbc462c7-a964-5178-97e1-18033ab4dbd3) |
|---|---|
| Product | Routing (1715beff-d089-5da7-8267-2d58261a7f85) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-34041 |
vulnerable | 2026-06-03 14:52:15.466136 |
CVE-2023-34041-Abuse of HTTP Hop-by-Hop Headers in Cloud Foundry Gorouter
MEDIUM (5.3)
Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.
Published: 2023-09-08T07:22:00.607Z
Updated: 2024-08-02T15:54:14.253Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5420 |
vulnerable | 2026-06-03 14:42:56.437693 |
Gorouter is vulnerable to DoS attack via invalid HTTP responses
HIGH (7.7)
Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters.
Published: 2020-09-03T01:10:16.091Z
Updated: 2024-09-17T02:06:44.110Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5416 |
vulnerable | 2026-06-03 14:42:56.429773 |
CF clusters with NGINX in front of them may be vulnerable to DoS
HIGH (7.7)
Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool.
Published: 2020-08-21T21:50:14.375Z
Updated: 2024-09-16T16:53:12.333Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5401 |
vulnerable | 2026-06-03 14:42:56.388602 |
Cloud Foundry GoRouter is vulnerable to cache poisoning
MEDIUM (5.3)
Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.
Published: 2020-02-27T19:30:23.717Z
Updated: 2024-09-16T17:38:11.499Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-11289 |
vulnerable | 2026-06-03 14:39:32.655341 |
A forged route service request using an invalid nonce can cause the gorouter to panic and crash
HIGH (8.6)
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.
Published: 2019-11-19T18:41:04.566Z
Updated: 2024-09-16T22:14:00.610Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.