Skip to content

Traefik vulnerable to HTTP/2 request causing denial of service

Moderate severity GitHub Reviewed Published Oct 12, 2023 in traefik/traefik • Updated Oct 17, 2023

Package

gomod github.com/traefik/traefik (Go)

Affected versions

< 2.10.5
>= 3.0.0-beta1, < 3.0.0-beta4

Patched versions

2.10.5
3.0.0-beta4

Description

Impact

A vulnerability CVE-2023-39325 exists in Go managing HTTP/2 requests, which impacts Traefik. This vulnerability could be exploited to cause a denial of service.

References

Patches

References

@nmengin nmengin published to traefik/traefik Oct 12, 2023
Published to the GitHub Advisory Database Oct 17, 2023
Reviewed Oct 17, 2023
Last updated Oct 17, 2023

Severity

Moderate

EPSS score

Weaknesses

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Learn more on MITRE.

CVE ID

No known CVE

GHSA ID

GHSA-7v4p-328v-8v5g

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.