pkg:Go/github.com/traefik/traefik/v2

所有已知漏洞

• CRITICAL10.0CVE-2026-39858Traefik: Pre-authentication decision bypass due to forwarded alias spoofing
  from 0, < 2.11.43
• CRITICAL10.0CVE-2026-35051Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication
  from 0, < 2.11.43
• HIGH8.2Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync
  from 0, < 2.11.43
• HIGH7.5traefik CVE-2024-45410 fix bypass: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`) in github.com/traefik/traefik
  >= 2.11.9, < 2.11.38
• HIGH7.5traefik CVE-2024-45410 fix bypass: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`) in github.com/traefik/traefik
  >= 2.11.9, < 2.11.38
• HIGH7.5Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS) in github.com/traefik/traefik
  from 0, < 2.11.38
• HIGH7.5Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS) in github.com/traefik/traefik
  from 0, < 2.11.38
• HIGH7.5Traefik: TCP readTimeout bypass via STARTTLS on Postgres in github.com/traefik/traefik
  from 0
• HIGH7.5HTTP client can manipulate custom HTTP headers that are added by Traefik in github.com/traefik/traefik
  from 0, < 2.11.9
• HIGH7.5HTTP client can manipulate custom HTTP headers that are added by Traefik in github.com/traefik/traefik
  from 0, < 2.11.9
• HIGH7.5Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes in github.com/traefik/traefik
  from 0, < 2.11.6
• HIGH7.5Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes in github.com/traefik/traefik
  from 0, < 2.11.6
• HIGH7.5Traefik vulnerable to denial of service with Content-length header in github.com/traefik/traefik
  from 0, < 2.11.2
• HIGH7.5Traefik vulnerable to denial of service with Content-length header in github.com/traefik/traefik
  from 0, < 2.11.2
• HIGH7.5Traefik docker container using 100% CPU in github.com/traefik/traefik
  from 0, < 2.10.6
• HIGH7.5Traefik docker container using 100% CPU in github.com/traefik/traefik
  from 0, < 2.10.6
• HIGH7.5Traefik HTTP header parsing could cause a denial of service
  from 0, < 2.9.10
• HIGH7.5Traefik HTTP/2 connections management could cause a denial of service
  from 0, < 2.8.8
• HIGH7.5Improper Authentication in github.com/containous/traefik
  from 0, < 2.2.2
• HIGH7.4Skip the router TLS configuration when the host header is an FQDN in github.com/traefik/traefik
  from 0, < 2.6.1
• HIGH7.4Skip the router TLS configuration when the host header is an FQDN in github.com/traefik/traefik
  from 0, < 2.6.1
• MEDIUM6.5Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass in github.com/traefik/traefik
  from 0, < 2.10.6
• MEDIUM6.5Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass in github.com/traefik/traefik
  from 0, < 2.10.6
• MEDIUM6.5Traefik routes exposed with an empty TLSOption in github.com/traefik/traefik
  from 0, < 2.9.6
• MEDIUM6.5Traefik routes exposed with an empty TLSOption in github.com/traefik/traefik
  from 0, < 2.9.6
• MEDIUM6.4Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding
  from 0, < 2.11.43
• MEDIUM6.1Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
  from 0, < 2.3.0-rc6
• MEDIUM5.9Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik
  from 0, < 2.11.35
• MEDIUM5.9Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik
  from 0, < 2.11.35
• MEDIUM5.9Traefik Inverted TLS Verification Logic in ingress-nginx Provider in github.com/traefik/traefik
  from 0
• MEDIUM5.9Traefik vulnerable to potential DDoS via ACME HTTPChallenge in github.com/traefik/traefik
  from 0, < 2.10.6
• MEDIUM5.9Traefik vulnerable to potential DDoS via ACME HTTPChallenge in github.com/traefik/traefik
  from 0, < 2.10.6
• MEDIUM4.8Header dropping in traefik in github.com/traefik/traefik
  from 0, < 2.4.13
• MEDIUM4.8Header dropping in traefik in github.com/traefik/traefik
  from 0, < 2.4.13
• MEDIUM4.4Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS in github.com/traefik/traefik
  from 0, < 2.11.38
• MEDIUM4.4Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS in github.com/traefik/traefik
  from 0, < 2.11.38
• LOW3.7Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware
  from 0, < 2.11.43
• LOW3.5Traefik may display authorization header in the debug logs in github.com/traefik/traefik
  from 0, < 2.9.6
• LOW3.5Traefik may display authorization header in the debug logs in github.com/traefik/traefik
  from 0, < 2.9.6
• —Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization
  from 0, < 2.11.48
• —Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false
  from 0, < 2.11.46
• —Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service
  from 0, < 2.11.44
• —Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField in github.com/traefik/traefik
  from 0, < 2.11.42
• —Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField in github.com/traefik/traefik
  from 0, < 2.11.42
• —Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass in github.com/traefik/traefik
  from 0
• —Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass in github.com/traefik/traefik
  from 0, <= 2.11.42
• —Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration in github.com/traefik/traefik
  from 0, < 2.11.41
• —Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration in github.com/traefik/traefik
  from 0, < 2.11.41
• —Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config in github.com/traefik/traefik
  from 0, < 2.11.41
• —Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config in github.com/traefik/traefik
  from 0, < 2.11.41
• —Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values in github.com/traefik/traefik
  from 0
• —Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values in github.com/traefik/traefik
  from 0, <= 2.11.40
• —Path Normalization Bypass in Traefik Router + Middleware Rules in github.com/traefik/traefik
  from 0, < 2.11.32
• —Path Normalization Bypass in Traefik Router + Middleware Rules in github.com/traefik/traefik
  from 0, < 2.11.32
• —Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution in github.com/traefik/traefik
  from 0, < 2.11.28
• —Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution in github.com/traefik/traefik
  from 0, < 2.11.28
• —Traefik allows path traversal using url encoding in github.com/traefik/traefik
  from 0, < 2.11.25
• —Traefik allows path traversal using url encoding in github.com/traefik/traefik
  from 0, < 2.11.25
• —Traefik has a possible vulnerability with the path matchers in github.com/traefik/traefik
  from 0, < 2.11.23
• —Traefik has a possible vulnerability with the path matchers in github.com/traefik/traefik
  from 0, < 2.11.23
• —Traefik's X-Forwarded-Prefix Header still allows for Open Redirect in github.com/traefik/traefik
  from 0, < 2.11.14
• —Traefik's X-Forwarded-Prefix Header still allows for Open Redirect in github.com/traefik/traefik
  from 0, < 2.11.14