CVE-2018-1193

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1193
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1193.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1193
Published
2018-05-23T15:29:00Z
Modified
2024-09-03T02:04:02.357139Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.

References

Affected packages

Git / github.com/cloudfoundry/routing-release

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/routing-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.118.0
0.121.0
0.123.0
0.126.0
0.133.0
0.134.0
0.135.0
0.136.0
0.137.0
0.138.0
0.139.0
0.140.0
0.141.0
0.142.0
0.143.0
0.144.0
0.145.0
0.146.0
0.147.0
0.149.0
0.150.0
0.151.0
0.152.0
0.153.0
0.154.0
0.155.0
0.156.0
0.157.0
0.158.0
0.159.0
0.160.0
0.161.0
0.162.0
0.163.0
0.164.0
0.165.0
0.166.0
0.167.0
0.168.0
0.169.0
0.170.0
0.171.0
0.172.0
0.173.0
0.174.0
0.62.0
0.66.0
0.69.0
0.99.0