← back
CVE-2020-5401

Cloud Foundry GoRouter is vulnerable to cache poisoning

CVSS 5.3 MEDIUMEPSS 1.0%CWE-393
Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected products
Cloud Foundry · Routing

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cloudfoundry.org/blog/cve-2020-5401