Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-7hj9-rv74-5g92: Traefik HTTP header parsing could cause a denial of service

Impact

There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service.

References

Patches

  • https://github.com/traefik/traefik/releases/tag/v2.9.10
  • https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2

Workarounds

No workaround.

For more information

If you have any questions or comments about this advisory, please open an issue.

ghsa
Open in Source
#vulnerability#google#dos#git

Traefik HTTP header parsing could cause a denial of service

High severity GitHub Reviewed Published Apr 11, 2023 in traefik/traefik • Updated Apr 11, 2023

Related news

CVE-2023-29013: Release v2.9.10 · traefik/traefik

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.

ghsa: Latest News

GHSA-8gc2-vq6m-rwjw: Amazon Redshift Python Connector vulnerable to SQL Injection
ghsa