Assigner | vmware |
Reserved | 2024-01-08 |
Published | 2024-06-10 |
Updated | 2024-06-11 |
Description
Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at scale.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Problem types
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Product status
v0.273.0
References
https://www.cloudfoundry.org/blog/cve-2024-22279-gorouter-denial-of-service-attack/