9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.6 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
27.0%
There is a vulnerability in Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses.
They didn’t work as expected returning false for addresses which would return true in their traditional IPv4 forms.
No workaround.
If you have any questions or comments about this advisory, please open an issue.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/traefik/traefik | lt | 2.11.4 | |
github.com/traefik/traefik/v2 | lt | 2.11.4 | |
github.com/traefik/traefik/v3 | lt | 3.0.2 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.6 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
27.0%