nginx, Cloud Foundry
- nginx before 1.10.1 and 1.11.x versions before 1.11.1
- Cloud Foundry staticfile buildpack prior to version 1.3.9
- Cloud Foundry cf-release prior to version 238
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.
Users are strongly encouraged to follow one of the mitigations below:
- Upgrade to Cloud Foundry version 238 or later
- Upgrade the Cloud Foundry staticfile buildpack to version 1.3.9 or later and restage all applications that use automated buildpack detection