CVE-2016-0713

medium

Published 2017-08-31 · Modified 2026-05-13

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

4.7

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4 NEW

—

not yet in upstream

VIR risk

4.7

Description

Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.

Predictions

Exploit likelihood

57%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact

Vendor	Product	Versions
cloudfoundry	cf-release	`141`
cloudfoundry	cf-release	`142`
cloudfoundry	cf-release	`143`
cloudfoundry	cf-release	`144`
cloudfoundry	cf-release	`145`
cloudfoundry	cf-release	`146`
cloudfoundry	cf-release	`147`
cloudfoundry	cf-release	`148`
cloudfoundry	cf-release	`149`
cloudfoundry	cf-release	`150`
cloudfoundry	cf-release	`151`
cloudfoundry	cf-release	`152`
cloudfoundry	cf-release	`153`
cloudfoundry	cf-release	`154`
cloudfoundry	cf-release	`155`
cloudfoundry	cf-release	`156`
cloudfoundry	cf-release	`157`
cloudfoundry	cf-release	`158`
cloudfoundry	cf-release	`159`
cloudfoundry	cf-release	`160`
cloudfoundry	cf-release	`161`
cloudfoundry	cf-release	`162`
cloudfoundry	cf-release	`163`
cloudfoundry	cf-release	`164`
cloudfoundry	cf-release	`165`
cloudfoundry	cf-release	`166`
cloudfoundry	cf-release	`167`
cloudfoundry	cf-release	`168`
cloudfoundry	cf-release	`169`
cloudfoundry	cf-release	`170`
cloudfoundry	cf-release	`171`
cloudfoundry	cf-release	`172`
cloudfoundry	cf-release	`173`
cloudfoundry	cf-release	`174`
cloudfoundry	cf-release	`175`
cloudfoundry	cf-release	`176`
cloudfoundry	cf-release	`177`
cloudfoundry	cf-release	`178`
cloudfoundry	cf-release	`179`
cloudfoundry	cf-release	`180`
cloudfoundry	cf-release	`181`
cloudfoundry	cf-release	`182`
cloudfoundry	cf-release	`183`
cloudfoundry	cf-release	`184`
cloudfoundry	cf-release	`185`
cloudfoundry	cf-release	`186`
cloudfoundry	cf-release	`187`
cloudfoundry	cf-release	`188`
cloudfoundry	cf-release	`189`
cloudfoundry	cf-release	`190`
cloudfoundry	cf-release	`191`
cloudfoundry	cf-release	`192`
cloudfoundry	cf-release	`193`
cloudfoundry	cf-release	`194`
cloudfoundry	cf-release	`195`
cloudfoundry	cf-release	`196`
cloudfoundry	cf-release	`197`
cloudfoundry	cf-release	`198`
cloudfoundry	cf-release	`199`
cloudfoundry	cf-release	`200`
cloudfoundry	cf-release	`201`
cloudfoundry	cf-release	`202`
cloudfoundry	cf-release	`203`
cloudfoundry	cf-release	`204`
cloudfoundry	cf-release	`205`
cloudfoundry	cf-release	`206`
cloudfoundry	cf-release	`207`
cloudfoundry	cf-release	`208`
cloudfoundry	cf-release	`209`
cloudfoundry	cf-release	`210`
cloudfoundry	cf-release	`211`
cloudfoundry	cf-release	`212`
cloudfoundry	cf-release	`213`
cloudfoundry	cf-release	`214`
cloudfoundry	cf-release	`215`
cloudfoundry	cf-release	`216`
cloudfoundry	cf-release	`217`
cloudfoundry	cf-release	`218`
cloudfoundry	cf-release	`219`
cloudfoundry	cf-release	`220`
cloudfoundry	cf-release	`221`
cloudfoundry	cf-release	`222`
cloudfoundry	cf-release	`223`
cloudfoundry	cf-release	`224`
cloudfoundry	cf-release	`225`
cloudfoundry	cf-release	`226`
cloudfoundry	cf-release	`227`
cloudfoundry	cf-release	`228`

References

CWEs

CWE-79

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.