48 matches found

ATTACKERKB
added 2026/04/30 11:17 p.m. | 0 views

CVE-2026-22726

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloud Foundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...

CVSS 5 | AI score 5.3 | EPSS 0.00048
Exploits 0 | References 2 | Affected Software 2

Vulnrichment
added 2026/04/30 11:17 p.m. | 1 views

CVE-2026-22726 Route Services Firewall Bypass

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloud Foundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...

CVSS 5 | AI score 5.8 | EPSS 0.00048
Exploits 0 | References 1

CVE
added 2026/04/30 11:17 p.m. | 4 views

CVE-2026-22726

CVE-2026-22726 describes a Route Services firewall bypass in Cloud Foundry: a route-service could be abused by a user with Cloud Foundry access to forward app traffic to internal HTTP services reachable by the Gorouter, bypassing configured egress rules. Affected routing release versions are ...

CVSS 5 | AI score 5.3 | EPSS 0.00048
Exploits 0 | References 1 | Affected Software 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-11829

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.00169
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-9066

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00585
Exploits 0 | References 2

EUVD
added 2025/10/03 8:07 p.m. | 1 views

EUVD-2024-19841

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.6 | EPSS 0.00533
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 3:06 a.m. | 0 views

CVE-2023-20882

In Cloud Foundry routing release versions from 0.262.0 and prior to 0.266.0, a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected...

CVSS 5.9 | AI score 6.7 | EPSS 0.00213
Exploits 0 | References 1

NVD
added 2024/07/03 6:15 a.m. | 17 views

CVE-2024-37082

When deploying Cloud Foundry together with the haproxy-boshrelease and using a non-default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications. You are affected if you have route-services enabled in routing-release and have...

CVSS 9.1 | EPSS 0.0004
Exploits 0 | References 1

Cloud Foundry
added 2024/06/24 12:00 a.m. | 17 views

CVE-2024-37082 - mTLS bypass | Cloud Foundry

Severity: CRITICAL; Vendor: CloudFoundry Foundation; Versions Affected: Routing Release 10.6.0; Description: When deploying Cloud Foundry together with the haproxy-boshrelease and using a non-default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud...

CVSS 9.1 | AI score 9.3 | EPSS 0.0004
Exploits 0

NVD
added 2024/06/10 8:15 p.m. | 13 views

CVE-2024-22279

Improper handling of requests in Routing Release v0.273.0 and = v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale...

CVSS 7.5 | EPSS 0.00533
Exploits 0 | References 1

CVE
added 2024/06/10 7:47 p.m. | 100 views

CVE-2024-22279

CVE-2024-22279 affects Cloud Foundry routing (GoRouter). The issue is an improper handling of requests in Routing Release versions v0.273.0 up to and including v0.297.0, allowing an unauthenticated attacker to degrade service availability at scale (DoS). Affected products: Routing Release and CF ...

CVSS 7.5 | AI score 6.1 | EPSS 0.00533
Exploits 0 | References 1 | Affected Software 2

Cloud Foundry
added 2024/06/05 12:00 a.m. | 21 views

CVE-2024-22279 - GoRouter Denial of Service Attack | Cloud Foundry

Severity: MEDIUM; Vendor: CloudFoundry Foundation; Versions Affected: Routing Release v0.273.0 and v30.9.0 and = v40.13.0; Description: Cloud Foundry routing release versions from v0.273.0 to v0.297.0 are vulnerable to a DOS attack. An unauthenticated attacker can exploit this vulnerability to force...

CVSS 7.5 | AI score 6.3 | EPSS 0.00533
Exploits 0

CNNVD
added 2024/01/12 12:00 a.m. | 2 views

Cloud Foundry Resource Management Error Vulnerability

Cloud Foundry is a suite of open source Platform-as-a-Service (PaaS) cloud computing platforms from the U.S.-based Cloud Foundry Foundation. The product provides features such as container scheduling, continuous delivery and automated service deployment. A security vulnerability exists in Cloud...

CVSS 7.5 | AI score 6.7 | EPSS 0.00171
Exploits 0 | References 2

OSV
added 2023/09/08 8:15 a.m. | 11 views

CVE-2023-34041

Cloud Foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations...

CVSS 5.3 | AI score 7.1
Exploits 0 | References 1

NVD
added 2023/09/08 8:15 a.m. | 11 views

CVE-2023-34041

Cloud Foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations...

CVSS 5.3 | AI score 5.3 | EPSS 0.00199
Exploits 0 | References 1

CVE
added 2023/09/08 7:22 a.m. | 48 views

CVE-2023-34041

CVE-2023-34041 affects Cloud Foundry Router (gorouter) releases before 0.278.0, where HTTP Hop-by-Hop headers (notably B3 and X-B3-SpanID) can be abused to alter the identifiers logged in foundations. Exploitation requires no authentication and can influence log-trace values, per multiple sources...

CVSS 5.3 | AI score 5.3 | EPSS 0.00199
Exploits 0 | References 1 | Affected Software 2

OSV
added 2023/05/26 5:15 p.m. | 15 views

CVE-2023-20882

In Cloud Foundry routing release versions from 0.262.0 and prior to 0.266.0, a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected...

CVSS 5.9 | AI score 7 | EPSS 0.00213
Exploits 0 | References 1

Prion
added 2023/05/26 5:15 p.m. | 14 views

Code injection

In Cloud Foundry routing release versions from 0.262.0 and prior to 0.266.0, a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected...

CVSS 2.6 | AI score 5.6 | EPSS 0.00213
Exploits 0 | References 1 | Affected Software 2

CVE
added 2023/05/26 12:00 a.m. | 53 views

CVE-2023-20882

CVE-2023-20882 affects Cloud Foundry gorouter in routing releases 0.262.0 through 0.266.0. A bug triggered by premature client connection closures can cause the gorouter to mark the currently selected backend as failed and remove it from the routing pool, potentially leading to denial of service ...

CVSS 5.9 | AI score 5.6 | EPSS 0.00213
Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2023/05/26 12:00 a.m. | 11 views

CVE-2023-20882

In Cloud Foundry routing release versions from 0.262.0 and prior to 0.266.0, a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected...

AI score 5.8 | EPSS 0.00213
Exploits 0 | References 1