Code injection

2019-04-2521:29:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.1%

JSON

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component.

CPENameOperatorVersion
cf-deploymentlt7.9.0
credhubge1.9
credhublt1.9.10
credhubge2.1
credhublt2.1.3
uaa_releaselt64.0

Name	Operator	Version
cf-deployment	lt	7.9.0
credhub	ge	1.9
credhub	lt	1.9.10
credhub	ge	2.1
credhub	lt	2.1.3
uaa_release	lt	64.0

References

www.securityfocus.com/bid/108104

www.cloudfoundry.org/blog/cve-2019-3801