Nlnetlabs: >> Routinator >> 0.13.0 Security Vulnerabilities
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes.
This only affects users who allow API access from untrusted networks.
CVSS Score
8.2
EPSS Score
0.003
Published
2026-06-08
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.
CVSS Score
8.7
EPSS Score
0.004
Published
2026-06-08
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache.
CVSS Score
8.3
EPSS Score
0.004
Published
2026-06-08
Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.
CVSS Score
7.5
EPSS Score
0.01
Published
2024-02-26