Vulnerabilities > Cloudfoundry > CF Deployment > 1.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-23 | CVE-2019-11277 | Injection vulnerability in Cloudfoundry Cf-Deployment and NFS Volume Release Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. | 8.1 |
| 2019-04-25 | CVE-2019-3801 | Cleartext Transmission of Sensitive Information vulnerability in Cloudfoundry Cf-Deployment Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. | 9.8 |
| 2018-06-06 | CVE-2018-1265 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. | 7.2 |
| 2018-05-23 | CVE-2018-1193 | Unspecified vulnerability in Cloudfoundry Routing-Release Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. | 5.3 |
| 2018-04-30 | CVE-2018-1277 | Resource Exhaustion vulnerability in Cloudfoundry Cf-Deployment and Garden-Runc Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. | 6.5 |
| 2018-03-29 | CVE-2018-1191 | Information Exposure vulnerability in Cloudfoundry Cf-Deployment and Garden-Runc-Release Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an information exposure vulnerability. | 8.8 |
| 2018-03-19 | CVE-2018-1221 | Improper Input Validation vulnerability in Cloudfoundry Cf-Deployment In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and some other HTTP-aware Load Balancers. | 8.1 |
| 2018-03-19 | CVE-2018-1195 | Insufficient Session Expiration vulnerability in Cloudfoundry Cf-Release In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. | 8.8 |