Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP header parsing could cause a deny of service
Vulnerability Description
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Containous Traefik 资源管理错误漏洞
Vulnerability Description
Containous Traefik是美国Containous公司的一款反向代理和负载平衡器。 Containous Traefik 存在资源管理错误漏洞,该漏洞源于GO在解析HTTP 标头时会分配比保存已解析标头所需更多的内存。攻击者可利用该漏洞造成拒绝服务。受影响的产品和版本:Go 1.20.2版本,Traefik 2.9.9及之前版本,Traefik 2.10.0-rc1及之前版本。
CVSS Information
N/A
Vulnerability Type
N/A