CVE-2020-5423

Name of the Vulnerable Software and Affected Versions CAPI (Cloud Controller) versions prior to 1.101.0

Description The issue allows an unauthenticated malicious attacker to send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM, resulting in a denial-of-service attack.

Recommendations For versions prior to 1.101.0, update to version 1.101.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the YAML parser or limiting the size and complexity of YAML files that can be processed to minimize the risk of exploitation.