CVE-2019-11289: Improper Input Validation

May 18, 2021

Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.

References

github.com/advisories/GHSA-5796-p3m6-9qj4
nvd.nist.gov/vuln/detail/CVE-2019-11289
www.cloudfoundry.org/blog/cve-2019-11289

Code Behaviors & Features

Detect and mitigate CVE-2019-11289 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →