CVE-2022-39271

Опубликовано: 11 окт. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds.

Ссылки

https://github.com/traefik/traefik/releases/tag/v2.8.8
Release Notes
Third Party Advisory
https://github.com/traefik/traefik/releases/tag/v2.9.0-rc5
Release Notes
Third Party Advisory
https://github.com/traefik/traefik/security/advisories/GHSA-c6hx-pjc3-7fqr
Patch
Third Party Advisory
https://github.com/traefik/traefik/releases/tag/v2.8.8
Release Notes
Third Party Advisory
https://github.com/traefik/traefik/releases/tag/v2.9.0-rc5
Release Notes
Third Party Advisory
https://github.com/traefik/traefik/security/advisories/GHSA-c6hx-pjc3-7fqr
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*

Версия до 2.8.8 (исключая)

cpe:2.3:a:traefik:traefik:2.9.0:rc1:*:*:*:*:*:*

cpe:2.3:a:traefik:traefik:2.9.0:rc2:*:*:*:*:*:*

cpe:2.3:a:traefik:traefik:2.9.0:rc3:*:*:*:*:*:*

cpe:2.3:a:traefik:traefik:2.9.0:rc4:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.0012

Низкий

7.5 High

CVSS3

Дефекты

CWE-400

CWE-755

Связанные уязвимости

CVE-2022-39271

CVSS3: 7.5

debian

больше 3 лет назад

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load b ...

GHSA-c6hx-pjc3-7fqr

CVSS3: 7.5

github

больше 3 лет назад

Traefik HTTP/2 connections management could cause a denial of service

EPSS

Процентиль: 32%

0.0012

Низкий

7.5 High

CVSS3

Дефекты

CWE-400

CWE-755