Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values
Vulnerability Description
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends. This vulnerability is fixed in 3.6.10.
CVSS Information
N/A
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Traefik 注入漏洞
Vulnerability Description
Traefik是Traefik开源的一款开源的反向代理与负载均衡工具。 Traefik 3.6.10之前版本存在注入漏洞,该漏洞源于具有HTTPRoute资源写入权限的租户可通过未清理的标头或查询参数匹配值注入规则令牌,在共享网关部署中可能绕过侦听器主机名约束并将流量重定向到攻击者控制的后端。
CVSS Information
N/A
Vulnerability Type
N/A