CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile: 70.2%
A vulnerability in Go's HTTP header parsing impacts Traefik.
HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service.
No workaround.
If you have any questions or comments about this advisory, please open an issue.
github.com/advisories/GHSA-8v5j-pwr7-w5f8
github.com/traefik/traefik
github.com/traefik/traefik/commit/4ed3964b3586565519249bbdc55eb1b961c08c49
github.com/traefik/traefik/releases/tag/v2.10.0-rc2
github.com/traefik/traefik/releases/tag/v2.9.10
github.com/traefik/traefik/security/advisories/GHSA-7hj9-rv74-5g92
groups.google.com/g/golang-announce/c/Xdv6JL9ENs8/m/OV40vnafAwAJ
nvd.nist.gov/vuln/detail/CVE-2023-29013
security.netapp.com/advisory/ntap-20230517-0008