4 matches found
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...
CVE-2026-29777
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...
PT-2026-24718
Name of the Vulnerable Software and Affected Versions Traefik versions prior to 3.6.10 Description Traefik is an HTTP reverse proxy and load balancer. A tenant with write access to an HTTPRoute resource can inject rule tokens into Traefikās router rule language through unsanitized header or query...