CVE-2021-22101

Summary

Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous SQL query.

Affected Software

VendorProductVersion RangeStatus
n/aCloud Foundry Cloud ControllerCloud Foundry Cloud Controller versions prior to 1.118.0affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References