CVE-2019-11289: Improper Input Validation

May 18, 2021 (updated February 7, 2023)

Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.

References

github.com/advisories/GHSA-5796-p3m6-9qj4
github.com/cloudfoundry/gorouter/commit/b1b5c44e050f73b399b379ca63a42a2c5780a83f
nvd.nist.gov/vuln/detail/CVE-2019-11289
pkg.go.dev/vuln/GO-2021-0102
www.cloudfoundry.org/blog/cve-2019-11289

Code Behaviors & Features

Detect and mitigate CVE-2019-11289 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →