Vulnerabilities > CVE-2022-39271 - Improper Handling of Exceptional Conditions vulnerability in Traefik
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/traefik/traefik/releases/tag/v2.8.8
- https://github.com/traefik/traefik/releases/tag/v2.8.8
- https://github.com/traefik/traefik/releases/tag/v2.9.0-rc5
- https://github.com/traefik/traefik/releases/tag/v2.9.0-rc5
- https://github.com/traefik/traefik/security/advisories/GHSA-c6hx-pjc3-7fqr
- https://github.com/traefik/traefik/security/advisories/GHSA-c6hx-pjc3-7fqr