CVE-2023-34041

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-34041

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-34041.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-34041

Published

2023-09-08T08:15:07.493Z

Modified

2026-02-16T10:28:02.291507Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.

References

https://www.cloudfoundry.org/blog/abuse-of-http-hop-by-hop-headers-in-cloud-foundry-gorouter/

Affected packages

Git / github.com/cloudfoundry/routing-release

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/routing-release
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cd8b68332d12134bbedca8a80744a4a2ba2e4984

Affected versions

0.*

0.118.0

0.121.0

0.123.0

0.126.0

0.133.0

0.134.0

0.135.0

0.136.0

0.137.0

0.138.0

0.139.0

0.140.0

0.141.0

0.142.0

0.143.0

0.144.0

0.145.0

0.146.0

0.147.0

0.149.0

0.150.0

0.151.0

0.152.0

0.153.0

0.154.0

0.155.0

0.156.0

0.157.0

0.158.0

0.159.0

0.160.0

0.161.0

0.162.0

0.163.0

0.164.0

0.165.0

0.166.0

0.167.0

0.168.0

0.169.0

0.170.0

0.171.0

0.172.0

0.173.0

0.174.0

0.175.0

0.176.0

0.177.0

0.178.0

0.179.0

0.180.0

0.181.0

0.182.0

0.183.0

0.184.0

0.185.0

0.186.0

0.187.0

0.188.0

0.189.0

0.190.0

0.191.0

0.192.0

0.193.0

0.194.0

0.195.0

0.196.0

0.197.0

0.198.0

0.199.0

0.200.0

0.201.0

0.202.0

0.203.0

0.204.0

0.205.0

0.206.0

0.207.0

0.208.0

0.209.0

0.210.0

0.211.0

0.212.0

0.213.0

0.214.0

0.215.0

0.216.0

0.217.0

0.218.0

0.219.0

0.220.0

0.221.0

0.222.0

0.223.0

0.224.0

0.225.0

0.226.0

0.227.0

0.228.0

0.229.0

0.230.0

0.231.0

0.232.0

0.233.0

0.234.0

0.235.0

0.236.0

0.237.0

0.238.0

0.239.0

0.240.0

0.241.0

0.242.0

0.243.0

0.244.0

0.245.0

0.246.0

0.247.0

0.248.0

0.249.0

0.250.0

0.251.0

0.252.0

0.253.0

0.254.0

0.255.0

0.256.0

0.257.0

0.258.0

0.62.0

0.66.0

0.69.0

0.99.0

v0.*

v0.0.0

v0.236.0

v0.237.0

v0.238.0

v0.239.0

v0.240.0

v0.241.0

v0.242.0

v0.243.0

v0.244.0

v0.245.0

v0.246.0

v0.247.0

v0.248.0

v0.249.0

v0.250.0

v0.251.0

v0.252.0

v0.253.0

v0.254.0

v0.255.0

v0.256.0

v0.257.0

v0.258.0

v0.259.0

v0.260.0

v0.261.0

v0.262.0

v0.263.0

v0.264.0

v0.265.0

v0.265.1

v0.266.0

v0.267.0

v0.268.0

v0.269.0

v0.270.0

v0.271.0

v0.272.0

v0.273.0

v0.274.0

v0.275.0

v0.276.0

v0.277.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-34041.json"