CVE-2023-34061 – Gorouter route pruning

Severity
HIGH

Vendor
CloudFoundry Foundation

Versions Affected
Routing Release > 0.163.0
CF Deployment > 0.28.0

Description
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a denial-of-service (DoS) attack. An unauthenticated attacker can use this vulnerability to force route pruning and thereby degrade the service availability of the Cloud Foundry deployment.

Affected Cloud Foundry Products and Versions
Severity is high unless otherwise noted.
Routing_release - All versions from 0.163.0 to 0.283.0 (inclusive)
CF Deployment - All versions from 0.28.0 to v33.5.0 (inclusive)

Mitigation
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
Routing_release - Upgrade routing_release versions to v0.284.0 or greater
CF Deployment - Upgrade cf-deployment version to v33.6.0 or greater
    Includes routing_release v0.284.0

Credit
This issue was responsibly reported by David Sabeti and Josh Russett of VMware.

History
December 7th: Initial vulnerability report published.