CVE-2024-52003

Name
CVE-2024-52003
Description
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
NVD Severity
medium

References

| Type | URI |
|---|---|
| CONFIRM | https://github.com/traefik/traefik/security/advisories/GHSA-h924-8g65-j9wg |
| MISC | https://github.com/traefik/traefik/pull/11253 |
| MISC | https://github.com/traefik/traefik/releases/tag/v2.11.14 |
| MISC | https://github.com/traefik/traefik/releases/tag/v3.2.1 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| | traefik | >= 0 | < 2.11.14 |
| | traefik | >= 3.0.0 | < 3.2.1 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| traefik | edge-community | 3.1.7-r0 | Francesco Colista <fcolista@alpinelinux.org> | possibly vulnerable |
| traefik | 3.20-community | 3.0.0-r3 | Francesco Colista <fcolista@alpinelinux.org> | possibly vulnerable |