← Back

CVE-2024-28869

nvd nist
Published: Apr 12, 2024Modified: Nov 26, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: security-advisories@github.com (Secondary)

Description

Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.

Affected (11)

Products: Traefik: Traefik
Traefik
1 product
Traefik
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Traefik
Traefik
Before 2.11.2
Traefik
Version 3.0.0
Traefik
Version 3.0.0 beta1
Traefik
Version 3.0.0 beta2
Traefik
Version 3.0.0 beta3
Traefik
Version 3.0.0 beta4
Traefik
Version 3.0.0 beta5
Traefik
Version 3.0.0 rc1
Traefik
Version 3.0.0 rc2
Traefik
Version 3.0.0 rc3
Traefik
Version 3.0.0 rc4

Related CWEs

CWE-755
Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.

References (10)

Source: security-advisories@github.com
Product
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Release Notes
Source: security-advisories@github.com
Release Notes
Source: security-advisories@github.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.