Information Exposure Affecting code.cloudfoundry.org/gorouter/route package, versions *
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Availability
High
Threat Intelligence
EPSS
0.09% (40th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-CODECLOUDFOUNDRYORGGOROUTERROUTE-50074
- published 10 Jun 2018
- disclosed 18 Mar 2018
- credit Unknown
Introduced: 18 Mar 2018
CVE-2018-1221 Open this link in a new tabHow to fix?
A fix was pushed into the master
branch but not yet published.
Overview
Affected versions of this package are vulnerable to Information Exposure or Denial of Service. It mishandles WebSocket
requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware
Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial of service.