Skip to content

Traefik vulnerable to HTTP/2 request causing denial of service

Moderate severity GitHub Reviewed Published Oct 12, 2023 in traefik/traefik • Updated Oct 17, 2023

Package

gomod github.com/traefik/traefik (Go)

Affected versions

< 2.10.5
>= 3.0.0-beta1, < 3.0.0-beta4

Patched versions

2.10.5
3.0.0-beta4

Description

Impact

A vulnerability CVE-2023-39325 exists in Go managing HTTP/2 requests, which impacts Traefik. This vulnerability could be exploited to cause a denial of service.

References

Patches

References

@nmengin nmengin published to traefik/traefik Oct 12, 2023
Published to the GitHub Advisory Database Oct 17, 2023
Reviewed Oct 17, 2023
Last updated Oct 17, 2023

Severity

Moderate

EPSS score

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-7v4p-328v-8v5g

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.