Medium
Cloud Foundry Foundation
The BOSH Azure CPI could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director.
OSS users are strongly encouraged to follow the mitigation below:
Paul Nikonowicz and Sunjay Bhatia
2017-04-04: Initial vulnerability report published