CVE-2019-11289

Name of the Vulnerable Software and Affected Versions Cloud Foundry Routing versions prior to 0.193.0

Description The issue arises from improper input validation, allowing a maliciously crafted input to cause a panic due to incorrect nonce size. This can be used as a vector for a denial of service attack, where a remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce, causing the Gorouter to crash.

Recommendations For versions prior to 0.193.0, update to version 0.193.0 or later to resolve the issue. As a temporary workaround, consider implementing proper input validation to prevent the use of invalid nonces, which could help minimize the risk of exploitation. Restrict access to the Gorouter to minimize the risk of denial of service attacks until the issue is resolved.