CVE-2017-4969 Bug in CC allows users to exceed quotas
Severity is high unless otherwise noted.
- Vulnerable Cloud Foundry components individually listed here.
- PCF Elastic Runtime:
- 1.9.x versions prior to 1.9.14
- 1.10.x versions prior to 1.10.1
- Please note: earlier ERT versions (1.6.x - 1.8.x) are not affected by this issue.
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
- Upgrade Pivotal products using earlier versions of CF components to new versions linked above. On the Pivotal Network product page for each release, check the Depends On section and/or Release Notes for this information.
- Releases that have fixed this issue include:
- PCF Elastic Runtime: 1.9.14 and 1.10.1