Traefik

Traefik

22 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-44487

Warning Media report Exploit
  • EPSS 94.44%
  • Published 10.10.2023 14:15:10
  • Last modified 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5

CVE-2023-29013

  • EPSS 3.26%
  • Published 14.04.2023 19:15:09
  • Last modified 13.02.2025 17:16:17

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memo...

6.5

CVE-2022-46153

  • EPSS 1.02%
  • Published 08.12.2022 22:15:10
  • Last modified 21.11.2024 07:30:12

Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. F...

6.5

CVE-2022-23469

Exploit
  • EPSS 0.39%
  • Published 08.12.2022 22:15:10
  • Last modified 21.11.2024 06:48:37

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, cre...

7.5

CVE-2022-39271

  • EPSS 0.1%
  • Published 11.10.2022 14:15:09
  • Last modified 21.11.2024 07:17:55

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever be...

7.5

CVE-2022-23632

  • EPSS 0.55%
  • Published 17.02.2022 15:15:09
  • Last modified 21.11.2024 06:48:58

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configuration choic...

8.1

CVE-2021-32813

  • EPSS 0.38%
  • Published 03.08.2021 23:15:07
  • Last modified 21.11.2024 06:07:48

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed he...

4.7

CVE-2020-15129

  • EPSS 70.07%
  • Published 30.07.2020 16:15:11
  • Last modified 21.11.2024 05:04:54

In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header ...

7.5

CVE-2019-20894

Exploit
  • EPSS 0.77%
  • Published 02.07.2020 16:15:11
  • Last modified 21.11.2024 04:39:38

Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.

7.5

CVE-2020-9321

  • EPSS 0.16%
  • Published 16.03.2020 19:15:11
  • Last modified 21.11.2024 05:40:24

configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.