Connect

Expand your knowledge and network by interacting with our experts online, or in person.

From analytics to cloud-native, Pivotal subject-matter experts are passionate participants in digital transformation.

Come learn from our designers, engineers, and PMs in one of our product office hour sessions.

Join a community of leading technologists, hear incredible stories of transformation, and find your next great team.

About Us

Our modern technologies and approach to innovation empower businesses around the world to build meaningful things that touch billions of users every day.

About

Careers

Pivotal values diversity and is committed to fostering a culture that encourages inclusion and allows for everyone to be at their best.

Customers

These admired companies are working with Pivotal to build great software that helps achieve ambitious goals.

Executive Team Investors Partners Training

Contact Locations Press Center Featured News Legal

All Vulnerability Reports

CVE-2014-9130 LibYAML vulnerability

Severity

Medium

Vendor

LibYAML

Versions Affected

Cloud Foundry Ruby Buildpack versions prior to 1.6.25

Description

Stanisław Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

Affected Pivotal Products and Versions

Cloud Foundry Ruby Buildpack versions prior to 1.6.25

Mitigation

Users of affected versions should apply the following mitigation:

Upgrade the Ruby Buildpack to v1.6.25 [1] or later and restage all applications that use automated buildpack detection

Credit

Stanisław Pitucha and Jonathan Gray

References