GMS-2023-3451: Traefik vulnerable to HTTP/2 request causing denial of service

October 17, 2023

Impact

A vulnerability CVE-2023-39325 exists in Go managing HTTP/2 requests, which impacts Traefik. This vulnerability could be exploited to cause a denial of service.

References

CVE-2023-44487
CVE-2023-39325

Patches

https://github.com/traefik/traefik/releases/tag/v2.10.5
https://github.com/traefik/traefik/releases/tag/v3.0.0-beta4

References

github.com/advisories/GHSA-7v4p-328v-8v5g
github.com/traefik/traefik/security/advisories/GHSA-7v4p-328v-8v5g
groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ?pli=1

Code Behaviors & Features

Detect and mitigate GMS-2023-3451 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →