Critical
Cloud Foundry Foundation
Cloud Foundry Node.js Buildpack, versions prior to 1.7.11, defaults to a version of Node.js that is vulnerable to HTTP request smuggling, which allows malicious payload delivery to unsuspecting users.
Severity is critical unless otherwise noted.
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2020-03-09: Initial vulnerability report published.