CVE-2020-5423

Summary

CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM.

Affected Software

VendorProductVersion RangeStatus
Cloud FoundryCAPIAll < 1.101.0affected
Cloud FoundryCF DeploymentAll < 15.0.0affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References