VDB
KO
MEDIUM

GHSA-7v4p-328v-8v5g

Traefik vulnerable to HTTP/2 request causing denial of service

Details

### Impact

A vulnerability CVE-2023-39325 exists in [Go managing HTTP/2 requests](https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ?pli=1), which impacts Traefik. This vulnerability could be exploited to cause a denial of service.

### References

- [CVE-2023-44487](https://www.cve.org/CVERecord?id=CVE-2023-44487) - [CVE-2023-39325](https://www.cve.org/CVERecord?id=CVE-2023-39325)

### Patches

- https://github.com/traefik/traefik/releases/tag/v2.10.5 - https://github.com/traefik/traefik/releases/tag/v3.0.0-beta4

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/traefik/traefik
Introduced in: 0 Fixed in: 2.10.5
Fix go get github.com/traefik/traefik@v2.10.5
Go / github.com/traefik/traefik
Introduced in: 3.0.0-beta1 Fixed in: 3.0.0-beta4
Fix go get github.com/traefik/traefik@v3.0.0-beta4

References