10 matches found
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...
EUVD-2023-1460
Malicious code in bioql PyPI...
Header Injection
Traefik is vulnerable to Header Injection. The vulnerability is due to improper validation of the X-Forwarded-Prefix header, allowing it to be provided from an untrusted source...
GHSA-H924-8G65-J9WG Traefik's X-Forwarded-Prefix Header still allows for Open Redirect
Impact There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. Patches - https://github.com/traefik/traefik/releases/tag/v2.11.14 - https://github.com/traefik/traefik/releases/tag/v3.2.1 Workarounds No workaround. For more...
CVE-2024-52003 X-Forwarded-Prefix Header still allows for Open Redirect in traefik
Traefik pronounced traffic is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are...
CVE-2023-26125
A flaw was found in Gin-Gonic Gin. This flaw allows a remote attacker to bypass security restrictions caused by improper input validation. An attacker can perform cache poisoning attacks by sending a specially-crafted request using the X-Forwarded-Prefix header. Mitigation Mitigation for this iss...
Input validation
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant...
CVE-2023-26125
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. Note: Although this issue does not pose a significant...
Improper Input Validation
Overview github.com/gin-gonic/gin is a package that implements a HTTP web framework called gin. Affected versions of this package are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache...
Open redirect
In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a site relative path an...