CVE-2026-22726

>= 0.118.0 and < 0.372.0

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a resu

5.0MEDIUM

CVE-2024-22279

>= 0.273.0 and <= 0.297.0

Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the ser

5.9MEDIUM

CVE-2023-34061

>= 0.163.0 and <= 0.283.0

Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can

7.5HIGH

CVE-2023-34041

< 0.278.0

Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated att

5.3MEDIUM

CVE-2023-20882

>= 0.262.0 and < 0.266.0

In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of

5.9MEDIUM

CVE-2020-5416

< 0.204.0

Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the

6.5MEDIUM

CVE-2020-15586

< 0.203.0

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy

5.9MEDIUM

CVE-2020-5401

< 0.197.0

Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid header

5.3MEDIUM

CVE-2019-11289

< 0.193.0

Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious use

8.6HIGH

CVE-2019-3800

< 0.189.0

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user aut

6.3MEDIUM

CVE-2019-3789

< 0.188.0

Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route servic

6.5MEDIUM

CVE-2018-1193

< 0.175.0

Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote

5.3MEDIUM

CVE-2018-1221

< 0.172.0

In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AW

8.1HIGH

CVE-2017-8034

<= 0.158.0

The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v

6.6MEDIUM

CVE-2016-8218

<= 0.141.0

An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231.

9.8CRITICAL