MEDIUM
GHSA-7v4p-328v-8v5g
Traefik vulnerable to HTTP/2 request causing denial of service
Details
### Impact
A vulnerability CVE-2023-39325 exists in [Go managing HTTP/2 requests](https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ?pli=1), which impacts Traefik. This vulnerability could be exploited to cause a denial of service.
### References
- [CVE-2023-44487](https://www.cve.org/CVERecord?id=CVE-2023-44487) - [CVE-2023-39325](https://www.cve.org/CVERecord?id=CVE-2023-39325)
### Patches
- https://github.com/traefik/traefik/releases/tag/v2.10.5 - https://github.com/traefik/traefik/releases/tag/v3.0.0-beta4
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/traefik/traefik
Introduced in:
0 Fixed in: 2.10.5 Fix
go get github.com/traefik/traefik@v2.10.5 Go / github.com/traefik/traefik
Introduced in:
3.0.0-beta1 Fixed in: 3.0.0-beta4 Fix
go get github.com/traefik/traefik@v3.0.0-beta4