Vulnerability Information
Vulnerability Title
Traefik allows path traversal using URL encoding
Vulnerability Description
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in how Traefik handles requests matched with a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route requests to a backend using a path-based matcher and the URL contains a URL-encoded string in its path, it is possible to target a backend exposed through another router, bypassing the middleware chain. This issue has been patched in versions 2.11.25 and 3.4.1.
CVSS Information
N/A
Vulnerability Type
Improper Limitation of a Pathname (Path Traversal)
Vulnerability Title
Traefik path traversal vulnerability
Vulnerability Description
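Traefik is an open-source reverse proxy and load-balancing tool from Traefik. Versions of Traefik prior to 3.4.1 contain a path traversal vulnerability, which stems from improper handling in the path matcher and may allow the middleware chain to be bypassed.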
CVSS Information
N/A
Vulnerability Type
N/A