CVE-2018-1221: Gorouter websocket handling vulnerability


Severity

Critical

Affected Pivotal Products and Versions

Severity is critical unless otherwise noted.

  • Pivotal Application Service
    • 2.0.x versions prior to 2.0.6
    • 1.12.x versions prior to 1.12.15
    • 1.11.x versions prior to 1.11.27
    • 1.10.x versions prior to 1.10.40
    • All 1.9.x versions
    • All versions prior to 1.8.65
  • PCF Isolation Segment
    • 2.0.x versions prior to 2.0.5
    • 1.12.x versions prior to 1.12.14
    • 1.11.x versions prior to 1.11.25
    • All versions prior to 1.10.31

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
  • Releases that have fixed this issue include:
    • Pivotal Application Service: 2.0.6, 1.12.15, 1.11.27, 1.10.40, 1.8.65
    • PCF Isolation Segment: 2.0.5, 1.12.14, 1.11.25, 1.10.31