Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.
[
{
"product": "Cloud Foundry Router",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "versions prior to 0.175.0"
}
]
}
]