Security Advisories

CGA-8q47-qvfw-p74x

Published

Last updated

https://images.chainguard.dev/security/CGA-8q47-qvfw-p74x

Package

traefik-fips

Latest Update

Fixed

Fixed Version

2.11.2-r0

Aliases

CVE-2024-28869
GHSA-4vwx-54mw-vqfw

Severity

7.5

High

CVSS V3

Summary

Traefik vulnerable to denial of service with Content-length header

Description

There is a potential vulnerability in Traefik managing requests with Content-length and no body .

Sending a GET request to any Traefik endpoint with the Content-length request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service.

Patches

https://github.com/traefik/traefik/releases/tag/v2.11.2
https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5

Workarounds

For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.

For more information

If you have any questions or comments about this advisory, please open an issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-28869
https://github.com/advisories/GHSA-4vwx-54mw-vqfw
https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw
https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6
https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts
https://github.com/traefik/traefik
https://github.com/traefik/traefik/releases/tag/v2.11.2
https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-8q47-qvfw-p74x

Severity

Summary

Description

Patches

Workarounds

For more information

References

Updates

Product

Why Chainguard

Customers

Company

Resources