CVE-2018-1221: Gorouter websocket handling vulnerability
Severity
Critical
References
Affected VMware Products and Versions
Severity is critical unless otherwise noted.
- Pivotal Application Service
  - 2.0.x versions prior to 2.0.6
  - 1.12.x versions prior to 1.12.15
  - 1.11.x versions prior to 1.11.27
  - 1.10.x versions prior to 1.10.40
  - All 1.9.x versions
  - All versions prior to 1.8.65
- PCF Isolation Segment
  - 2.0.x versions prior to 2.0.5
  - 1.12.x versions prior to 1.12.14
  - 1.11.x versions prior to 1.11.25
  - All versions prior to 1.10.31
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team recommends upgrading BOSH stemcells and/or other OSS components listed here if applicable.
- Releases that have fixed this issue include:
  - Pivotal Application Service: 2.0.6, 1.12.15, 1.11.27, 1.10.40, 1.8.65
  - PCF Isolation Segment: 2.0.5, 1.12.14, 1.11.25, 1.10.31