82 matches found
CVE-2026-22726
The CVE-2026-22726 describes a Route Services firewall bypass in Cloud Foundry: a route-service could be abused by a user with Cloud Foundry access to forward app traffic to internal HTTP services reachable by the Gorouter, bypassing configured egress rules. Affected routing release versions are ...
EUVD-2026-26458
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...
CVE-2026-22726 Route Services Firewall Bypass
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...
CVE-2026-22726 Route Services Firewall Bypass
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...
PT-2026-36253
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...
CVE-2026-22726 - Route Services Firewall Bypass | Cloud Foundry
Severity MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:P/RL:O/RC:C/MAV:N/MAC:L/MPR:L/MUI:R/MS:C/MC:H Vendor CloudFoundry Foundation Versions Affected Routing release: v0.118.0 to v0.371.0 CF Deployment: v0.0.2 to v54.14.0 Description Route Services can be leveraged to send app traffic t...
EUVD-2016-0745
Malware in sbrugna...
EUVD-2020-26580
Malware in sbrugna...
EUVD-2018-11855
Malware in sbrugna...
EUVD-2020-26589
Malware in sbrugna...
EUVD-2021-0951
Malware in sbrugna...
EUVD-2020-26585
Malware in sbrugna...
EUVD-2023-25054
Malicious code in bioql PyPI...
CVE-2023-20882
In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected...
CVE-2024-22279 GoRouter Denial of Service Attack
Improper handling of requests in Routing Release v0.273.0 and = v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale...
CVE-2024-22279 GoRouter Denial of Service Attack
Improper handling of requests in Routing Release v0.273.0 and = v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale...
CVE-2024-22279 - GoRouter Denial of Service Attack | Cloud Foundry
Severity MEDIUM Vendor CloudFoundry Foundation Versions Affected Routing Release v0.273.0 and v30.9.0 and = v40.13.0 Description Cloud foundry routing release versions from v0.273.0 to v0.297.0 are vulnerable to a DOS attack. An unauthenticated attacker can exploit this vulnerability to force...
CVE-2023-34041 CVE-2023-34041-Abuse of HTTP Hop-by-Hop Headers in Cloud Foundry Gorouter
Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations...
Denial Of Service (DoS)
github.com/cloudfoundry/gorouter is vulnerable to Denial of Service DoS. The vulnerability is due to premature connection closures, which results in the removal of the selected backend from the routing pool when the application is hosted on Cloud Foundry...
CVE-2023-20882
In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected...