GHSA-7f4j-64p6-5h5v

Source

https://github.com/advisories/GHSA-7f4j-64p6-5h5v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-7f4j-64p6-5h5v/GHSA-7f4j-64p6-5h5v.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7f4j-64p6-5h5v

Aliases

GO-2024-2726

Related

CGA-xr8q-rwhm-4737

Published

2024-04-15T18:14:51Z

Modified

2026-02-04T04:04:38.673404Z

Summary

Traefik affected by HTTP/2 CONTINUATION flood in net/http

Details

There is a potential vulnerability in Traefik managing HTTP/2 connections.

More details in the CVE-2023-45288.

Patches

https://github.com/traefik/traefik/releases/tag/v2.11.2
https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5

Workarounds

No workaround

For more information

If you have any questions or comments about this advisory, please open an issue.

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": null,
    "cwe_ids": [],
    "github_reviewed_at": "2024-04-15T18:14:51Z",
    "severity": "MODERATE"
}

References

Affected packages

Go / github.com/traefik/traefik/v2

Package

Name: github.com/traefik/traefik/v2; View open source insights on deps.dev
Purl: pkg:golang/github.com/traefik/traefik/v2

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-7f4j-64p6-5h5v/GHSA-7f4j-64p6-5h5v.json"

Go / github.com/traefik/traefik/v3

Package

Name: github.com/traefik/traefik/v3; View open source insights on deps.dev
Purl: pkg:golang/github.com/traefik/traefik/v3

Affected ranges

Type: SEMVER
Events: Introduced

3.0.0-rc1

Fixed

3.0.0-rc5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-7f4j-64p6-5h5v/GHSA-7f4j-64p6-5h5v.json"