Traefik affected by HTTP/2 CONTINUATION flood in net/http

Published: Apr 15, 2024
Updated: Apr 16, 2024
GHSA: <a href="https://github.com/advisories/GHSA-7f4j-64p6-5h5v" target="_blank" rel="noopener"> GHSA-7f4j-64p6-5h5v
Severity: Medium
Exploit:

There is a potential vulnerability in Traefik managing HTTP/2 connections.

More details in the CVE-2023-45288.

Patches

No workaround

If you have any questions or comments about this advisory, please open an issue.

No technical information available.

No CWE or OWASP classifications available.

Software	From	Fixed in
github.com/traefik/traefik/v2	-	2.11.2
github.com/traefik/traefik/v3	3.0.0-rc1	3.0.0-rc5