11 matches found
CVE-2026-22726 Route Services Firewall Bypass
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloud Foundry could configure a route service that would allow it to send requests to HTTP services on internal networks...
EUVD-2020-26580
Malware in sbrugna...
EUVD-2021-0951
Malware in sbrugna...
PT-2024-12464 · Unknown · Cloud Foundry
Name of the Vulnerable Software and Affected Versions: Cloud Foundry routing release versions from v0.163.0 to v0.283.0. Description: The issue allows an unauthenticated attacker to force route pruning, which can degrade the service availability of the Cloud Foundry deployment. This is achieved...
PT-2023-24652 · Cloud Foundry · Cloud Foundry Routing
Name of the Vulnerable Software and Affected Versions: Cloud Foundry Routing versions prior to 0.278.0. Description: The issue allows an unauthenticated attacker to abuse HTTP Hop-by-Hop Headers, affecting the identification value recorded in logs. Specifically, headers like B3 or X-B3-SpanID can ...
CVE-2020-5420
Cloud Foundry Routing Gorouter versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters...
CVE-2020-5420 Gorouter is vulnerable to DoS attack via invalid HTTP responses
Cloud Foundry Routing Gorouter versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters...
Null pointer dereference
Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app...
CVE-2019-11289
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash...
Multiple Cloud Foundry Products CVE-2019-11289 Denial of Service Vulnerability
Description: Multiple Cloud Foundry Products are prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Technologies Affected: Cloud Foundry Routing OSS 0.118.0, Cloud Foundry Routing OSS 0.121.0, Cloud...
CVE-2019-3789
Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that...