Cloud Foundry Foundation
- routing-release versions prior to 0.142.0
- cf-release versions 203 to 231
Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API.
OSS users of affected routing-release versions are strongly encouraged to:
- Upgrade routing-release to 0.142.0 or later.
OSS users of cf-release versions 203 to 231 are strongly encouraged to:
- Upgrade to the latest version of Cloud Foundry. As of this writing, the latest version is v249. 
The issue was responsibly reported by a VMware team member.
2016-12-09: Initial vulnerability report published
2016-12-15: Vulnerable software versions updated