FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 18:22:07 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
508da89c-78b9-11ed-854f-5404a68ad561traefik -- multiple vulnerabilities

The Traefik project reports:

This update is recommended for all traefik users and provides following important security fixes:

  • CVE-2022-23469: Authorization header displayed in the debug logs
  • CVE-2022-46153: Routes exposed with an empty TLSOption in traefik

Discovery 2022-12-08
Entry 2022-12-10
traefik
< 2.9.6

CVE-2022-23469
CVE-2022-46153
https://github.com/traefik/traefik/releases/tag/v2.9.6
428922c9-b07e-11ed-8700-5404a68ad561traefik -- Use of vulnerable Go module x/net/http2

The Go project reports:

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.


Discovery 2022-10-22
Entry 2023-02-19
traefik
< 2.9.8

CVE-2022-41721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41721