CVE-2024-28869
Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.
| Software | From | Fixed in |
|---|---|---|
github.com/traefik/traefik/v3
|
3.0.0-beta3 | 3.0.0-rc5 |
|
github.com/traefik/traefik/v2
|
- | 2.11.2 |
|
github.com/traefik/traefik
|
- | 2.11.2 |
| traefik / traefik | - | 2.11.2 |
| traefik / traefik | 3.0.0 | 3.0.0.x |
| traefik / traefik | 3.0.0-beta1 | 3.0.0-beta1.x |
| traefik / traefik | 3.0.0-beta2 | 3.0.0-beta2.x |
| traefik / traefik | 3.0.0-beta3 | 3.0.0-beta3.x |
| traefik / traefik | 3.0.0-beta4 | 3.0.0-beta4.x |
| traefik / traefik | 3.0.0-beta5 | 3.0.0-beta5.x |
| traefik / traefik | 3.0.0-rc1 | 3.0.0-rc1.x |
| traefik / traefik | 3.0.0-rc2 | 3.0.0-rc2.x |
| traefik / traefik | 3.0.0-rc3 | 3.0.0-rc3.x |
| traefik / traefik | 3.0.0-rc4 | 3.0.0-rc4.x |
- https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts
- https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6
- https://github.com/traefik/traefik/releases/tag/v2.11.2
- https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5
- https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime