GHSA-3wqc-mwfx-672p

Published: 18 Apr 2025
Source: github
Github: Reviewed
CVSS3: 7.5

Description

Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability

Summary

We have encountered a security vulnerability being reported by our scanners for Traefik 2.11.22.

Details

It seems to target oauth2/jws library.

PoC

No steps to replicate this vulnerability

Impact

We have a strict control on security and we always try to stay up-to-date with the fixes received for third-party solutions.

Patches

Packages

Name: github.com/traefik/traefik/v3 (go)
Affected versions: < 3.3.6
Fixed version: 3.3.6

Name: github.com/traefik/traefik/v2 (go)
Affected versions: < 2.11.24
Fixed version: 2.11.24

Name: github.com/traefik/traefik/v3 (go)
Affected versions: = 3.4.0-rc1
Fixed version: 3.4.0-rc2

EPSS: 0.00063 (Low), percentile: 20%

CVSS3: 7.5 High

Weaknesses: CWE-1286

Related vulnerabilities

CVSS3: 7.5
ubuntu
4 months ago

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

CVSS3: 7.5
redhat
4 months ago

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

CVSS3: 7.5
nvd
4 months ago

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

CVSS3: 7.5
msrc
3 months ago

No description available

CVSS3: 7.5
debian
4 months ago

An attacker can pass a malicious malformed token which causes unexpect ...
