Description
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Vulnerable configurations
Configuration 1
Version before 2.11.14 (excluding)
Version from 3.0.0 (including) to 3.2.1 (excluding)
One of
cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
EPSS
Percentile: 47%
0.0024
Low
6.1 Medium
CVSS3
Weaknesses
CWE-601
Related vulnerabilities
CVSS3: 6.1
debian
about 1 year ago
Traefik (pronounced traffic) is an HTTP reverse proxy and load balance ...
github
about 1 year ago
Traefik's X-Forwarded-Prefix Header still allows for Open Redirect