GHSA-7jmw-8259-q9jx: Traefik has unexpected behavior with IPv4-mapped IPv6 addresses

June 11, 2024

There is a vulnerability in Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses.

They didn’t work as expected returning false for addresses which would return true in their traditional IPv4 forms.

References

github.com/advisories/GHSA-7jmw-8259-q9jx
github.com/traefik/traefik
github.com/traefik/traefik/releases/tag/v2.11.4
github.com/traefik/traefik/releases/tag/v3.0.2
github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx
www.cve.org/CVERecord?id=CVE-2024-24790

Code Behaviors & Features

Detect and mitigate GHSA-7jmw-8259-q9jx with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →