CVE-2017-4961: BOSH Director Shell Injection Vulnerabilities
Cloud Foundry Foundation
- BOSH Release:
- 261.x versions prior to 261.3
- All 260.x versions
In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM.
OSS users are strongly encouraged to follow one of the mitigations below:
- Upgrade to latest BOSH Director 261.x or later 
This issue was responsibly reported by the BOSH Team.
-  https://bosh.io/releases/github.com/cloudfoundry/bosh?all=1
2017-05-01: Initial vulnerability report published