Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters.
References
Link | Resource |
---|---|
https://www.cloudfoundry.org/blog/cve-2020-5420 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: pivotal
Published: 2020-09-01T00:00:00
Updated: 2020-09-03T01:10:16
Reserved: 2020-01-03T00:00:00
Link: CVE-2020-5420
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-03T01:15:10.857
Modified: 2020-09-11T15:42:49.217
Link: CVE-2020-5420
JSON object: View
Redhat Information
No data.
CWE