Security Advisories for github.com/traefik/traefik/v2 in go
Moderate
8 days ago
Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Moderate
18 days ago
Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware
go
github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
High
18 days ago
Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync
go
github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
High
18 days ago
Traefik: Pre-authentication decision bypass due to forwarded alias spoofing
go
github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
High
18 days ago
Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication
go
github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
High
about 1 month ago
Traefik: Deny Rule Bypass via Unauthenticated Malicious gRPC Requests in gRPC-Go Dependency (CVE-2026-33186)
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Moderate
about 2 months ago
Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Moderate
about 2 months ago
Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass
go
github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Moderate
about 2 months ago
Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2, github.com/traefik/traefik
High
about 2 months ago
Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config
go
github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
High
2 months ago
Traefik: HTTP/2 frames can cause a running server to panic
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
High
2 months ago
traefik CVE-2024-45410 fix bypass: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`)
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
High
2 months ago
Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS)
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Moderate
2 months ago
Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
High
3 months ago
Traefik affected by TLS ClientAuth Bypass on HTTP/3
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2, github.com/traefik/traefik
Moderate
4 months ago
Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall
go
github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
High
9 months ago
Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
High
about 1 year ago
Traefik has a possible vulnerability with its path matchers
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2, github.com/traefik/traefik
Critical
about 1 year ago
Traefik affected by Go HTTP Request Smuggling Vulnerability
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
High
about 1 year ago
Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Moderate
over 1 year ago
Traefik affected by CVE-2024-53259
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Moderate
over 1 year ago
Traefik's X-Forwarded-Prefix Header still allows for Open Redirect
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Critical
over 1 year ago
HTTP client can manipulate custom HTTP headers that are added by Traefik
go
github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
High
almost 2 years ago
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Moderate
almost 2 years ago
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses
go
github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Moderate
almost 2 years ago
Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop
go
github.com/traefik/traefik/v2
Moderate
about 2 years ago
Traefik affected by HTTP/2 CONTINUATION flood in net/http
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
High
about 2 years ago
Traefik vulnerable to denial of service with Content-length header
go
github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
High
over 2 years ago
Traefik docker container using 100% CPU
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Moderate
over 2 years ago
Traefik vulnerable to potential DDoS via ACME HTTPChallenge
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Moderate
over 2 years ago
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
High
about 3 years ago
Traefik HTTP header parsing could cause a denial of service
go
github.com/traefik/traefik/v2
Low
over 3 years ago
Traefik may display authorization header in the debug logs
go
github.com/traefik/traefik/v2
Moderate
over 3 years ago
Traefik routes exposed with an empty TLSOption
go
github.com/traefik/traefik/v2
High
over 3 years ago
Traefik HTTP/2 connections management could cause a denial of service
go
github.com/traefik/traefik/v2
High
about 4 years ago
Skip the router TLS configuration when the host header is an FQDN
go
github.com/traefik/traefik/v2
Moderate
about 4 years ago
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
go
github.com/containous/traefik/v2/pkg/api, github.com/containous/traefik/api, github.com/traefik/traefik/v2/pkg/api, github.com/traefik/traefik/api, github.com/containous/traefik/v2, github.com/traefik/traefik/v2, github.com/containous/traefik, github.com/traefik/traefik
Moderate
almost 5 years ago
Header dropping in traefik
go
github.com/traefik/traefik, github.com/traefik/traefik/v2