Critical
Cloud Foundry Foundation
The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially-crafted application.
Users of affected versions should apply the following mitigation or upgrade:
This vulnerability was responsibly reported by the CAPI team.
2017-07-19: Initial vulnerability report published