Routing-release

This hub aggregates every CVE we track for Routing-release, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 9 most recently published vulnerabilities affecting Routing-release.

• CVE-2023-34041CVE-2023-34041-Abuse of HTTP Hop-by-Hop Headers in Cloud Foundry Gorouter5.3Sep 8, 2023
• CVE-2020-5416CF clusters with NGINX in front of them may be vulnerable to DoS6.5Aug 21, 2020
• CVE-2020-15586Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at t...5.9Jul 17, 2020
• CVE-2019-11289A forged route service request using an invalid nonce can cause the gorouter to panic and crash8.6Nov 19, 2019
• CVE-2018-1193Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentia...5.3May 23, 2018
• CVE-2018-1221In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load ...8.1Mar 19, 2018
• CVE-2017-8047In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the U...6.1Oct 3, 2017
• CVE-2017-8034The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the iss...6.6Jul 17, 2017
• CVE-2016-8218An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can a...9.8Jun 13, 2017