FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
428922c9-b07e-11ed-8700-5404a68ad561traefik -- Use of vulnerable Go module x/net/http2

The Go project reports:

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.


Discovery 2022-10-22
Entry 2023-02-19
traefik
< 2.9.8

CVE-2022-41721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41721
41f4baac-bf77-11e9-8d2f-5404a68ad561traefik -- Denial of service in HTTP/2

The traefik project reports:

Update of dependency to go go1.12.8 resolves potential HTTP/2 denial of service in traefik.


Discovery 2019-08-13
Entry 2019-08-15
traefik
< 1.7.14

https://github.com/containous/traefik/releases/tag/v1.7.14
CVE-2019-9512
CVE-2019-9514
7a1b2624-6a89-11ee-af06-5404a68ad561traefik -- Resource exhaustion by malicious HTTP/2 client

The traefik authors report:

There is a vulnerability in GO managing HTTP/2 requests, which impacts Traefik. This vulnerability could be exploited to cause a denial of service.


Discovery 2023-10-10
Entry 2023-10-14
traefik
< 2.10.5

CVE-2023-39325
CVE-2023-44487
https://github.com/traefik/traefik/security/advisories/GHSA-7v4p-328v-8v5g
508da89c-78b9-11ed-854f-5404a68ad561traefik -- multiple vulnerabilities

The Traefik project reports:

This update is recommended for all traefik users and provides following important security fixes:

  • CVE-2022-23469: Authorization header displayed in the debug logs
  • CVE-2022-46153: Routes exposed with an empty TLSOption in traefik

Discovery 2022-12-08
Entry 2022-12-10
traefik
< 2.9.6

CVE-2022-23469
CVE-2022-46153
https://github.com/traefik/traefik/releases/tag/v2.9.6
02e51cb3-d7e4-11ed-9f7a-5404a68ad561traefik -- Use of vulnerable Go modules net/http, net/textproto

The Go project reports:

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.


Discovery 2023-03-10
Entry 2023-04-07
traefik
< 2.9.9_1

CVE-2023-24534
https://www.cve.org/CVERecord?id=CVE-2023-24534
CVE-2023-29013
https://www.cve.org/CVERecord?id=CVE-2023-29013