Medium
Cloud Foundry Foundation
Cloud Foundry Cloud Controller (CAPI), versions prior to 1.88.0, contain a vulnerable version of the Loofah gem for Ruby. Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2019-11-12: Initial vulnerability report published.