Описание
Traefik affected by Go HTTP Request Smuggling Vulnerability
Summary
net/http: request smuggling through invalid chunked data: The net/http package accepts data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permit request smuggling. [CVE-2025-22871] Vendor Affected Components: Go: 1.23.x < 1.23.8
More Details: CVE-2025-22871
Patches
Пакеты
Наименование
github.com/traefik/traefik/v2
go
Затронутые версииВерсия исправления
< 2.11.24
2.11.24
Наименование
github.com/traefik/traefik/v3
go
Затронутые версииВерсия исправления
< 3.3.6
3.3.6
Наименование
github.com/traefik/traefik/v3
go
Затронутые версииВерсия исправления
= 3.4.0-rc1
3.4.0-rc2
9.1 Critical
CVSS3
Дефекты
CWE-1395
9.1 Critical
CVSS3
Дефекты
CWE-1395