x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-hxr6-2p24-hf98

[GoVulnBot]

Advisory GHSA-hxr6-2p24-hf98 references a vulnerability in the following Go modules:

Module
github.com/traefik/traefik
github.com/traefik/traefik/v2
github.com/traefik/traefik/v3

Description:
There is a potential vulnerability in Traefik managing HTTP/3 connections.

More details in the CVE-2024-53259.

Patches

• https://github.com/traefik/traefik/releases/tag/v2.11.15
• https://github.com/traefik/traefik/releases/tag/v3.2.2

Workarounds

No workaround

For more information

If you have any questions or comments about this advisory, please open an issue.

References:

• ADVISORY: GHSA-hxr6-2p24-hf98
• ADVISORY: GHSA-hxr6-2p24-hf98
• WEB: https://github.com/traefik/traefik/releases/tag/v2.11.15
• WEB: https://github.com/traefik/traefik/releases/tag/v3.2.2

Cross references:

• github.com/traefik/traefik appears in 19 other report(s):
  • data/excluded/GO-2023-2117.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-7v4p-328v-8v5g #2117) DEPENDENT_VULNERABILITY
  • data/reports/GO-2022-0325.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2022-23632 #325)
  • data/reports/GO-2022-0808.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-7h6j-2268-fhcm #808)
  • data/reports/GO-2022-0923.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2021-32813, GHSA-m697-4v8f-55qg #923)
  • data/reports/GO-2022-1152.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-468w-8x39-gj5v #1152)
  • data/reports/GO-2022-1154.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-h2ph-vhm7-g4hp #1154)
  • data/reports/GO-2023-1919.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-r3fq-cmmw-cpmm #1919)
  • data/reports/GO-2023-1950.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-2cjc-rgmp-x649 #1950)
  • data/reports/GO-2023-2376.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2023-47106 #2376)
  • data/reports/GO-2023-2377.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2023-47633 #2377)
  • data/reports/GO-2023-2381.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-8g85-whqh-cr2f #2381)
  • data/reports/GO-2024-2722.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-4vwx-54mw-vqfw #2722)
  • data/reports/GO-2024-2726.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-7f4j-64p6-5h5v #2726)
  • data/reports/GO-2024-2880.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-f7cq-5v43-8pwp #2880)
  • data/reports/GO-2024-2917.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-7jmw-8259-q9jx #2917)
  • data/reports/GO-2024-2941.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-rvj4-q8q5-8grf #2941)
  • data/reports/GO-2024-2973.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2024-39321 #2973)
  • data/reports/GO-2024-3135.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-62c8-mh53-4cqv #3135)
  • data/reports/GO-2024-3299.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2024-52003 #3299)
• github.com/traefik/traefik/v2 appears in 17 other report(s):
  • data/excluded/GO-2022-1057.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-c6hx-pjc3-7fqr #1057) DEPENDENT_VULNERABILITY
  • data/excluded/GO-2023-1715.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-7hj9-rv74-5g92 #1715) DEPENDENT_VULNERABILITY
  • data/reports/GO-2022-0325.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2022-23632 #325)
  • data/reports/GO-2022-0923.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2021-32813, GHSA-m697-4v8f-55qg #923)
  • data/reports/GO-2022-1152.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-468w-8x39-gj5v #1152)
  • data/reports/GO-2022-1154.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-h2ph-vhm7-g4hp #1154)
  • data/reports/GO-2023-2376.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2023-47106 #2376)
  • data/reports/GO-2023-2377.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2023-47633 #2377)
  • data/reports/GO-2023-2381.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-8g85-whqh-cr2f #2381)
  • data/reports/GO-2024-2722.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-4vwx-54mw-vqfw #2722)
  • data/reports/GO-2024-2726.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-7f4j-64p6-5h5v #2726)
  • data/reports/GO-2024-2880.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-f7cq-5v43-8pwp #2880)
  • data/reports/GO-2024-2917.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-7jmw-8259-q9jx #2917)
  • data/reports/GO-2024-2941.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-rvj4-q8q5-8grf #2941)
  • data/reports/GO-2024-2973.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2024-39321 #2973)
  • data/reports/GO-2024-3135.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-62c8-mh53-4cqv #3135)
  • data/reports/GO-2024-3299.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2024-52003 #3299)
• github.com/traefik/traefik/v3 appears in 11 other report(s):
  • data/reports/GO-2023-2376.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2023-47106 #2376)
  • data/reports/GO-2023-2377.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2023-47633 #2377)
  • data/reports/GO-2023-2381.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-8g85-whqh-cr2f #2381)
  • data/reports/GO-2024-2722.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-4vwx-54mw-vqfw #2722)
  • data/reports/GO-2024-2726.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-7f4j-64p6-5h5v #2726)
  • data/reports/GO-2024-2880.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-f7cq-5v43-8pwp #2880)
  • data/reports/GO-2024-2917.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-7jmw-8259-q9jx #2917)
  • data/reports/GO-2024-2941.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-rvj4-q8q5-8grf #2941)
  • data/reports/GO-2024-2973.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2024-39321 #2973)
  • data/reports/GO-2024-3135.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-62c8-mh53-4cqv #3135)
  • data/reports/GO-2024-3299.yaml (x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2024-52003 #3299)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/traefik/traefik
      vulnerable_at: 1.7.34
    - module: github.com/traefik/traefik/v2
      versions:
        - fixed: 2.11.15
      vulnerable_at: 2.11.14
    - module: github.com/traefik/traefik/v3
      versions:
        - fixed: 3.2.2
      vulnerable_at: 3.2.1
summary: Traefik affected by CVE-2024-53259 in github.com/traefik/traefik
ghsas:
    - GHSA-hxr6-2p24-hf98
references:
    - advisory: https://github.com/advisories/GHSA-hxr6-2p24-hf98
    - advisory: https://github.com/traefik/traefik/security/advisories/GHSA-hxr6-2p24-hf98
    - web: https://github.com/traefik/traefik/releases/tag/v2.11.15
    - web: https://github.com/traefik/traefik/releases/tag/v3.2.2
source:
    id: GHSA-hxr6-2p24-hf98
    created: 2024-12-17T16:01:18.278462255Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/638116 mentions this issue: data/reports: add 6 unreviewed reports

[gopherbot]

Change https://go.dev/cl/637956 mentions this issue: data/reports: add 6 unreviewed reports