CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.
CPE | Name | Operator | Version |
---|---|---|---|
capi-release | lt | 1.101.0 | |
cf-deployment | lt | 15.0.0 |