FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-01-07 14:59:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
91b9790e-de65-11f0-b893-5404a68ad561	traefik -- Bypassing security controls via special characters The traefik project reports: There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path; if the request path contains an encoded restricted character from the following set ('/', '', 'Null', ';', '?', '#'), it is possible to target a backend, exposed using another router, by-passing the middlewares chain. Discovery 2025-12-08 Entry 2025-12-21 traefik < 3.6.3 CVE-2025-66490 https://nvd.nist.gov/vuln/detail/CVE-2025-66490
dc7e30db-de67-11f0-b893-5404a68ad561	traefik -- Inverted TLS Verification Logic in Kubernetes NGINX Provider The traefik project reports: There is a potential vulnerability in Traefik NGINX provider managing the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. The provider inverts the semantics of the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" (intending to enable backend TLS certificate verification) actually disables verification, allowing man-in-the-middle attacks against HTTPS backends when operators believe they are protected. Discovery 2025-12-08 Entry 2025-12-21 traefik < 3.6.3 CVE-2025-66491 https://nvd.nist.gov/vuln/detail/CVE-2025-66491

VuXML ID

Description

91b9790e-de65-11f0-b893-5404a68ad561

traefik -- Bypassing security controls via special characters

The traefik project reports:

There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path; if the request path contains an encoded restricted character from the following set ('/', '', 'Null', ';', '?', '#'), it is possible to target a backend, exposed using another router, by-passing the middlewares chain.

Discovery 2025-12-08
Entry 2025-12-21
traefik

< 3.6.3

CVE-2025-66490
https://nvd.nist.gov/vuln/detail/CVE-2025-66490

dc7e30db-de67-11f0-b893-5404a68ad561

traefik -- Inverted TLS Verification Logic in Kubernetes NGINX Provider

The traefik project reports:

There is a potential vulnerability in Traefik NGINX provider managing the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. The provider inverts the semantics of the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" (intending to enable backend TLS certificate verification) actually disables verification, allowing man-in-the-middle attacks against HTTPS backends when operators believe they are protected.

Discovery 2025-12-08
Entry 2025-12-21
traefik

< 3.6.3

CVE-2025-66491
https://nvd.nist.gov/vuln/detail/CVE-2025-66491