84 matches found
CVE-2026-22726
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...
EUVD-2026-26458
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...
CVE-2026-22726 Route Services Firewall Bypass
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...
CVE-2026-22726 Route Services Firewall Bypass
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...
CVE-2026-22726
The CVE-2026-22726 describes a Route Services firewall bypass in Cloud Foundry: a route-service could be abused by a user with Cloud Foundry access to forward app traffic to internal HTTP services reachable by the Gorouter, bypassing configured egress rules. Affected routing release versions are ...
CVE-2026-22726 Route Services Firewall Bypass
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...
PT-2026-36253
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...
CVE-2026-22726 - Route Services Firewall Bypass | Cloud Foundry
Severity MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:P/RL:O/RC:C/MAV:N/MAC:L/MPR:L/MUI:R/MS:C/MC:H Vendor CloudFoundry Foundation Versions Affected Routing release: v0.118.0 to v0.371.0 CF Deployment: v0.0.2 to v54.14.0 Description Route Services can be leveraged to send app traffic t...
EUVD-2021-0951
Malware in sbrugna...
EUVD-2020-26585
Malware in sbrugna...
EUVD-2016-0745
Malware in sbrugna...
EUVD-2018-11855
Malware in sbrugna...
EUVD-2020-26589
Malware in sbrugna...
EUVD-2020-26580
Malware in sbrugna...
EUVD-2023-25054
Malicious code in bioql PyPI...
CVE-2023-20882
In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected...
CVE-2024-22279 GoRouter Denial of Service Attack
Improper handling of requests in Routing Release v0.273.0 and = v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale...
CVE-2024-22279 GoRouter Denial of Service Attack
Improper handling of requests in Routing Release v0.273.0 and = v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale...
CVE-2024-22279 - GoRouter Denial of Service Attack | Cloud Foundry
Severity MEDIUM Vendor CloudFoundry Foundation Versions Affected Routing Release v0.273.0 and v30.9.0 and = v40.13.0 Description Cloud foundry routing release versions from v0.273.0 to v0.297.0 are vulnerable to a DOS attack. An unauthenticated attacker can exploit this vulnerability to force...
CVE-2023-34041 CVE-2023-34041-Abuse of HTTP Hop-by-Hop Headers in Cloud Foundry Gorouter
Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations...