Re: CVE-2015-1834 CC Path Traversal vulnerability


Noburou TANIGUCHI
 

I understand the CFF strongly recommends to upgrade to v208 or after, but for
those (including us) who cannot immediately upgrade, I want to know if there
is a workaround against this vulnerability.

I've found that there is a commit which seems related this vulnerability:
https://github.com/cloudfoundry/cloud_controller_ng/commit/5257a8af6990e71cd1e34ae8978dfe4773b32826

Cherry-picking this commit may be a workaround? Or we need another commits
to cherry-pick?

Thanks in advance.





--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-CVE-2015-1834-CC-Path-Traversal-vulnerability-tp163p173.html
Sent from the CF Dev mailing list archive at Nabble.com.

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.