x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-c6hx-pjc3-7fqr

[GoVulnBot]

In GitHub Security Advisory GHSA-c6hx-pjc3-7fqr, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/traefik/traefik/v2	2.9.0-rc5	>= 2.9.0-rc1, < 2.9.0-rc5

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - introduced: 2.9.0-rc1
        fixed: 2.9.0-rc5
    packages:
      - package: github.com/traefik/traefik/v2
  - module: TODO
    versions:
      - fixed: 2.8.8
    packages:
      - package: github.com/traefik/traefik/v2
description: |
    ### Impact

    There is a potential vulnerability in Traefik managing HTTP/2 connections.
    A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service.

    ### Patches

    Traefik v2.8.x: https://github.com/traefik/traefik/releases/tag/v2.8.8
    Traefik v2.9.x: https://github.com/traefik/traefik/releases/tag/v2.9.0-rc5

    ### Workarounds

    No workaround.

    ### For more information

    If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).
cves:
  - CVE-2022-39271
ghsas:
  - GHSA-c6hx-pjc3-7fqr

[neild]

This is #969.

[gopherbot]

Change https://go.dev/cl/443397 mentions this issue: data/excluded: add GO-2022-1057.yaml for CVE-2022-39271