CVE-2017-8036: Cloud Controller API regression
Cloud Foundry Foundation
- CAPI-release version 1.33.0 only
The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially-crafted application.
Users of affected versions should apply the following mitigation or upgrade:
- Note: The affected version of CAPI-release was not included in any cf-release.
- Standalone component users should upgrade CAPI-release to v1.35.0 or later. 
This vulnerability was responsibly reported by the CAPI team.
2017-07-19: Initial vulnerability report published