Vulnerabilities > Pivotal > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2023-34061 Resource Exhaustion vulnerability in Pivotal Cloud Foundry Deployment
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack.
network
low complexity
pivotal CWE-400
7.5
2023-11-28 CVE-2023-34054 Unspecified vulnerability in Pivotal Reactor Netty
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.
network
low complexity
pivotal
7.5
2023-11-15 CVE-2023-34062 Path Traversal vulnerability in Pivotal Reactor Netty 1.0.11/1.0.23
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
network
low complexity
pivotal CWE-22
7.5
2017-05-25 CVE-2016-4977 Data Processing Errors vulnerability in Pivotal Spring Security Oauth
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.
network
low complexity
pivotal CWE-19
8.8