CVE-2023-34041

Name of the Vulnerable Software and Affected Versions Cloud Foundry Routing versions prior to 0.278.0

Description The issue allows an unauthenticated attacker to abuse HTTP Hop-by-Hop Headers, affecting the identification value recorded in logs. Specifically, headers like B3 or X-B3-SpanID can be exploited.

Recommendations For versions prior to 0.278.0, update to version 0.278.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of HTTP Hop-by-Hop Headers until a patch is applied. Avoid using headers like B3 or X-B3-SpanID in affected API endpoints until the issue is resolved.