GHSA-7v4p-328v-8v5g

Опубликовано: 17 окт. 2023

Источник: github

Github: Прошло ревью

Описание

Traefik vulnerable to HTTP/2 request causing denial of service

Impact

A vulnerability CVE-2023-39325 exists in Go managing HTTP/2 requests, which impacts Traefik. This vulnerability could be exploited to cause a denial of service.

References

CVE-2023-44487
CVE-2023-39325

Patches

https://github.com/traefik/traefik/releases/tag/v2.10.5
https://github.com/traefik/traefik/releases/tag/v3.0.0-beta4

Ссылки

https://github.com/traefik/traefik/security/advisories/GHSA-7v4p-328v-8v5g
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ?pli=1

Пакеты

Наименование

github.com/traefik/traefik

Затронутые версииВерсия исправления

< 2.10.5

2.10.5

Наименование

github.com/traefik/traefik

Затронутые версииВерсия исправления

>= 3.0.0-beta1, < 3.0.0-beta4

3.0.0-beta4

Дефекты

CWE-400

Дефекты

CWE-400