CVE-2024-22279

CVE-2024-22279 affects Cloud Foundry routing (GoRouter). The issue is an improper handling of requests in Routing Release versions v0.273.0 up to and including v0.297.0, allowing an unauthenticated attacker to degrade service availability at scale (DoS). Affected products: Routing Release and CF ...

CVE-2023-20882

CVE-2023-20882 affects Cloud Foundry gorouter in routing releases 0.262.0 through 0.266.0. A bug triggered by premature client connection closures can cause the gorouter to mark the currently selected backend as failed and remove it from the routing pool, potentially leading to denial of service ...

CVE-2019-3789

CVE-2019-3789 affects Cloud Foundry Routing Release (CF Routing) prior to 0.188.0. A space developer can create a private domain shadowing an external route service domain and map it to an app, causing the gorouter to route external traffic to the internal app instead. Impact is hijacking of rout...

CVE-2020-5401

CVE-2020-5401 affects Cloud Foundry Routing Release (prior to 0.197.0) which includes GoRouter. Malicious clients can send invalid headers, causing caching layers to reject subsequent legitimate clients. The vulnerability, described in multiple sources, results in degraded access for users to app...

CVE-2026-22726

The CVE-2026-22726 describes a Route Services firewall bypass in Cloud Foundry: a route-service could be abused by a user with Cloud Foundry access to forward app traffic to internal HTTP services reachable by the Gorouter, bypassing configured egress rules. Affected routing release versions are ...