Описание
Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability
Summary
We have encountered a security vulnerability being reported by our scanners for Traefik 2.11.22.
Details
It seems to target oauth2/jws library.
PoC
No steps to replicate this vulnerability
Impact
We have a strict control on security and we always try to stay up-to-date with the fixes received for third-party solutions.
Patches
Ссылки
- https://github.com/traefik/traefik/security/advisories/GHSA-3wqc-mwfx-672p
- https://github.com/traefik/traefik/releases/tag/v2.11.24
- https://github.com/traefik/traefik/releases/tag/v3.3.6
- https://github.com/traefik/traefik/releases/tag/v3.4.0-rc2
- https://security.snyk.io/vuln/SNYK-CHAINGUARDLATEST-TRAEFIK33-9403297
Пакеты
Наименование
github.com/traefik/traefik/v3
go
Затронутые версииВерсия исправления
< 3.3.6
3.3.6
Наименование
github.com/traefik/traefik/v2
go
Затронутые версииВерсия исправления
< 2.11.24
2.11.24
Наименование
github.com/traefik/traefik/v3
go
Затронутые версииВерсия исправления
= 3.4.0-rc1
3.4.0-rc2
7.5 High
CVSS3
Дефекты
CWE-1286
7.5 High
CVSS3
Дефекты
CWE-1286