Routing-release Security Vulnerabilities and Issues — Routing-release CVE List

Lucene search

CloudfoundryRouting-release

3 matches found

CVE•added 2020/07/17 4:15 p.m.•374 views

CVE-2020-15586

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

5.9CVSS6.6AI score0.00614EPSS

CVE•added 2023/09/08 8:15 a.m.•42 views

CVE-2023-34041

Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.

5.3CVSS5.3AI score0.00159EPSS

CVE•added 2018/05/23 3:29 p.m.•39 views

CVE-2018-1193

Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.

5.3CVSS5.2AI score0.00169EPSS