Lucene search
GoogleOSV:GHSA-7F4J-64P6-5H5VHistoryApr 15, 2024 - 6:14 p.m.
Traefik affected by HTTP/2 CONTINUATION flood in net/http
2024-04-1518:14:51
Google
osv.dev
12
traefik
vulnerability
http/2
continuation
flood
net/http
patches
releases
There is a potential vulnerability in Traefik managing HTTP/2 connections.
More details in the CVE-2023-45288.
Patches
- https://github.com/traefik/traefik/releases/tag/v2.11.2
- https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5
Workarounds
No workaround
For more information
If you have any questions or comments about this advisory, please open an issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/traefik/traefik/v3 | lt | 3.0.0-rc5 | |
| github.com/traefik/traefik/v2 | lt | 2.11.2 | |
| github.com/traefik/traefik/v3 | ge | 3.0.0-rc1 |
Related
nessus
nessus
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2024:1962)
2024-04-29 00:00:00
Oracle Linux 9 : golang (ELSA-2024-1963)
2024-04-24 00:00:00
RHCOS 4 : OpenShift Container Platform 4.15.10 (RHSA-2024:1892)
2024-05-02 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-45288 affecting package moby-engine for versions less than 24.0.9-2
2024-05-06 17:48:02
CVE-2023-45288 affecting package kubernetes for versions less than 1.28.4-7
2024-05-14 05:06:12
CVE-2023-45288 affecting package git-lfs for versions less than 3.5.1-1
2024-04-30 01:31:53
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0128)
2024-04-15 00:00:00
openSUSE: Security Advisory for go1.22 (SUSE-SU-2024:1121-1)
2024-04-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1122-1)
2024-05-07 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2024-04-13 19:56:38
freebsd
freebsd
forgejo -- HTTP/2 CONTINUATION flood in net/http
2024-04-04 00:00:00
go -- http2: close connections when receiving too many headers
2024-04-03 00:00:00
redhat
redhat
(RHSA-2024:1963) Important: golang security update
2024-04-23 00:09:01
(RHSA-2024:2892) Important: go-toolset-1.19-golang security update
2024-05-16 12:05:07
(RHSA-2024:1962) Important: go-toolset:rhel8 security update
2024-04-23 00:08:55
ubuntucve
ubuntucve
CVE-2023-45288
2024-03-27 00:00:00
almalinux
almalinux
Important: git-lfs security update
2024-05-06 00:00:00
Important: go-toolset:rhel8 security update
2024-04-23 00:00:00
Important: golang security update
2024-04-23 00:00:00
alpinelinux
alpinelinux
CVE-2023-45288
2024-04-04 21:15:16
oraclelinux
oraclelinux
golang security update
2024-04-23 00:00:00
go-toolset:ol8 security update
2024-04-23 00:00:00
git-lfs security update
2024-05-08 00:00:00
redhatcve
redhatcve
CVE-2023-45288
2024-04-03 20:53:54
osv
osv
BIT-golang-2023-45288
2024-04-06 18:19:39
net/http, x/net/http2: close connections when receiving too many headers
2024-04-04 21:30:32
Important: git-lfs security update
2024-05-09 18:50:42
rocky
rocky
go-toolset:rhel8 security update
2024-05-06 13:04:21
git-lfs security update
2024-05-09 18:50:42
git-lfs security update
2024-05-10 14:32:42
github
github
net/http, x/net/http2: close connections when receiving too many headers
2024-04-04 21:30:32
Traefik affected by HTTP/2 CONTINUATION flood in net/http
2024-04-15 18:14:51
veracode
veracode
Denial Of Service (DOS)
2024-04-05 07:19:44
cvelist
cvelist
CVE-2023-45288 HTTP/2 CONTINUATION flood in net/http
2024-04-04 20:37:30
cve
cve
CVE-2023-45288
2024-04-04 21:15:16
ibm
ibm
debiancve
debiancve
CVE-2023-45288
2024-04-04 21:15:16
githubexploit
githubexploit
Exploit for CVE-2023-45288
2024-04-06 06:33:45
wolfi
wolfi
CVE-2023-45288 vulnerabilities
2024-05-18 21:07:16
cgr
cgr
CVE-2023-45288 vulnerabilities
2024-05-18 15:53:42
fedora
fedora
[SECURITY] Fedora 40 Update: kubernetes-1.29.4-1.fc40
2024-04-25 01:01:14
redos
redos
ROS-20240422-05
2024-04-22 00:00:00
arista
arista
Security Advisory 0094
2024-04-05 00:00:00
thn
thn
New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
2024-04-04 11:15:00
cert
cert
HTTP/2 CONTINUATION frames can be utilized for DoS attacks
2024-04-03 00:00:00