FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
428922c9-b07e-11ed-8700-5404a68ad561traefik -- Use of vulnerable Go module x/net/http2

The Go project reports:

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.


Discovery 2022-10-22
Entry 2023-02-19
traefik
< 2.9.8

CVE-2022-41721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41721
fe818607-b5ff-11e8-856b-485b3931c969Containous Traefik -- exposes the configuration and secret

MITRE reports:

Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.


Discovery 2018-08-20
Entry 2018-09-11
traefik
< 1.6.6

CVE-2018-15598
https://github.com/containous/traefik/pull/3790
https://github.com/containous/traefik/releases/tag/v1.6.6
508da89c-78b9-11ed-854f-5404a68ad561traefik -- multiple vulnerabilities

The Traefik project reports:

This update is recommended for all traefik users and provides following important security fixes:

  • CVE-2022-23469: Authorization header displayed in the debug logs
  • CVE-2022-46153: Routes exposed with an empty TLSOption in traefik

Discovery 2022-12-08
Entry 2022-12-10
traefik
< 2.9.6

CVE-2022-23469
CVE-2022-46153
https://github.com/traefik/traefik/releases/tag/v2.9.6
41f4baac-bf77-11e9-8d2f-5404a68ad561traefik -- Denial of service in HTTP/2

The traefik project reports:

Update of dependency to go go1.12.8 resolves potential HTTP/2 denial of service in traefik.


Discovery 2019-08-13
Entry 2019-08-15
traefik
< 1.7.14

https://github.com/containous/traefik/releases/tag/v1.7.14
CVE-2019-9512
CVE-2019-9514