Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cf-deployment | Cloudfoundry | * | 1.27.0 (excluding) |
Routing-release | Cloudfoundry | * | 0.175.0 (excluding) |