x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-hxr6-2p24-hf98 #3342

GoVulnBot · 2024-12-17T16:01:18Z

Advisory GHSA-hxr6-2p24-hf98 references a vulnerability in the following Go modules:

Module
github.com/traefik/traefik
github.com/traefik/traefik/v2
github.com/traefik/traefik/v3

Description:
There is a potential vulnerability in Traefik managing HTTP/3 connections.

More details in the CVE-2024-53259.

Patches

Workarounds

No workaround

For more information

If you have any questions or comments about this advisory, please open an issue.

References:

ADVISORY: GHSA-hxr6-2p24-hf98
ADVISORY: GHSA-hxr6-2p24-hf98
WEB: https://github.com/traefik/traefik/releases/tag/v2.11.15
WEB: https://github.com/traefik/traefik/releases/tag/v3.2.2

Cross references:

github.com/traefik/traefik appears in 19 other report(s):
- data/excluded/GO-2023-2117.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-7v4p-328v-8v5g #2117) DEPENDENT_VULNERABILITY
- data/reports/GO-2022-0325.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2022-23632 #325)
- data/reports/GO-2022-0808.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-7h6j-2268-fhcm #808)
- data/reports/GO-2022-0923.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2021-32813, GHSA-m697-4v8f-55qg #923)
- data/reports/GO-2022-1152.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-468w-8x39-gj5v #1152)
- data/reports/GO-2022-1154.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-h2ph-vhm7-g4hp #1154)
- data/reports/GO-2023-1919.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-r3fq-cmmw-cpmm #1919)
- data/reports/GO-2023-1950.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-2cjc-rgmp-x649 #1950)
- data/reports/GO-2023-2376.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2023-47106 #2376)
- data/reports/GO-2023-2377.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2023-47633 #2377)
- data/reports/GO-2023-2381.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-8g85-whqh-cr2f #2381)
- data/reports/GO-2024-2722.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-4vwx-54mw-vqfw #2722)
- data/reports/GO-2024-2726.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-7f4j-64p6-5h5v #2726)
- data/reports/GO-2024-2880.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-f7cq-5v43-8pwp #2880)
- data/reports/GO-2024-2917.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-7jmw-8259-q9jx #2917)
- data/reports/GO-2024-2941.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-rvj4-q8q5-8grf #2941)
- data/reports/GO-2024-2973.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2024-39321 #2973)
- data/reports/GO-2024-3135.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-62c8-mh53-4cqv #3135)
- data/reports/GO-2024-3299.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2024-52003 #3299)
github.com/traefik/traefik/v2 appears in 17 other report(s):
- data/excluded/GO-2022-1057.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-c6hx-pjc3-7fqr #1057) DEPENDENT_VULNERABILITY
- data/excluded/GO-2023-1715.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-7hj9-rv74-5g92 #1715) DEPENDENT_VULNERABILITY
- data/reports/GO-2022-0325.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2022-23632 #325)
- data/reports/GO-2022-0923.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2021-32813, GHSA-m697-4v8f-55qg #923)
- data/reports/GO-2022-1152.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-468w-8x39-gj5v #1152)
- data/reports/GO-2022-1154.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-h2ph-vhm7-g4hp #1154)
- data/reports/GO-2023-2376.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2023-47106 #2376)
- data/reports/GO-2023-2377.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2023-47633 #2377)
- data/reports/GO-2023-2381.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-8g85-whqh-cr2f #2381)
- data/reports/GO-2024-2722.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-4vwx-54mw-vqfw #2722)
- data/reports/GO-2024-2726.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-7f4j-64p6-5h5v #2726)
- data/reports/GO-2024-2880.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-f7cq-5v43-8pwp #2880)
- data/reports/GO-2024-2917.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-7jmw-8259-q9jx #2917)
- data/reports/GO-2024-2941.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-rvj4-q8q5-8grf #2941)
- data/reports/GO-2024-2973.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2024-39321 #2973)
- data/reports/GO-2024-3135.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-62c8-mh53-4cqv #3135)
- data/reports/GO-2024-3299.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2024-52003 #3299)
github.com/traefik/traefik/v3 appears in 11 other report(s):
- data/reports/GO-2023-2376.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2023-47106 #2376)
- data/reports/GO-2023-2377.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2023-47633 #2377)
- data/reports/GO-2023-2381.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-8g85-whqh-cr2f #2381)
- data/reports/GO-2024-2722.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-4vwx-54mw-vqfw #2722)
- data/reports/GO-2024-2726.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-7f4j-64p6-5h5v #2726)
- data/reports/GO-2024-2880.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-f7cq-5v43-8pwp #2880)
- data/reports/GO-2024-2917.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-7jmw-8259-q9jx #2917)
- data/reports/GO-2024-2941.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-rvj4-q8q5-8grf #2941)
- data/reports/GO-2024-2973.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2024-39321 #2973)
- data/reports/GO-2024-3135.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-62c8-mh53-4cqv #3135)
- data/reports/GO-2024-3299.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2024-52003 #3299)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/traefik/traefik
      vulnerable_at: 1.7.34
    - module: github.com/traefik/traefik/v2
      versions:
        - fixed: 2.11.15
      vulnerable_at: 2.11.14
    - module: github.com/traefik/traefik/v3
      versions:
        - fixed: 3.2.2
      vulnerable_at: 3.2.1
summary: Traefik affected by CVE-2024-53259 in github.com/traefik/traefik
ghsas:
    - GHSA-hxr6-2p24-hf98
references:
    - advisory: https://github.com/advisories/GHSA-hxr6-2p24-hf98
    - advisory: https://github.com/traefik/traefik/security/advisories/GHSA-hxr6-2p24-hf98
    - web: https://github.com/traefik/traefik/releases/tag/v2.11.15
    - web: https://github.com/traefik/traefik/releases/tag/v3.2.2
source:
    id: GHSA-hxr6-2p24-hf98
    created: 2024-12-17T16:01:18.278462255Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-12-20T19:32:41Z

Change https://go.dev/cl/638116 mentions this issue: data/reports: add 6 unreviewed reports

gopherbot · 2024-12-20T20:07:34Z

Change https://go.dev/cl/637956 mentions this issue: data/reports: add 6 unreviewed reports

GoVulnBot added the NeedsTriage label Dec 17, 2024

tatianab added the triaged label Dec 20, 2024

tatianab removed the NeedsTriage label Dec 20, 2024

gopherbot closed this as completed in 83c1120 Dec 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-hxr6-2p24-hf98 #3342

x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-hxr6-2p24-hf98 #3342

GoVulnBot commented Dec 17, 2024

gopherbot commented Dec 20, 2024

gopherbot commented Dec 20, 2024

x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-hxr6-2p24-hf98 #3342

x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-hxr6-2p24-hf98 #3342

Comments

GoVulnBot commented Dec 17, 2024

Patches

Workarounds

For more information

gopherbot commented Dec 20, 2024

gopherbot commented Dec 20, 2024