Vulnerabilities > Pivotal > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-12 | CVE-2023-34061 | Resource Exhaustion vulnerability in Pivotal Cloud Foundry Deployment Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. | 7.5 |
2023-11-28 | CVE-2023-34054 | Unspecified vulnerability in Pivotal Reactor Netty In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled. | 7.5 |
2023-11-15 | CVE-2023-34062 | Path Traversal vulnerability in Pivotal Reactor Netty 1.0.11/1.0.23 In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources. | 7.5 |
2017-05-25 | CVE-2016-4977 | Data Processing Errors vulnerability in Pivotal Spring Security Oauth When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type. | 8.8 |