Access Restriction Bypass Affecting code.cloudfoundry.org/gorouter/proxy Open this link in a new tab package, versions <0.175.0
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
10 Jun 2018
27 Nov 2017
code.cloudfoundry.org/gorouter/proxy contains the source code for the Cloud Foundry L7 HTTP router.
Affected versions of the package are vulnerable to Access Restriction Bypass. It lacks sanitization for user-provided
X-Forwarded-Proto headers. A remote user can set the
X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.
code.cloudfoundry.org/gorouter/proxy to version 0.175.0 or higher.