CVE-2021-22101

Name of the Vulnerable Software and Affected Versions Cloud Controller versions prior to 1.118.0

Description The issue allows unauthenticated attackers to cause denial of service by using REST HTTP requests with label selectors on multiple V3 endpoints, generating an enormous SQL query. This can lead to a denial of service.

Recommendations For Cloud Controller versions prior to 1.118.0, update to version 1.118.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the V3 endpoints or limiting the use of label selectors in REST HTTP requests until a patch is available.