Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/traefik/traefik/v2(Go) | 0 | 2.8.8 | N/A |
| github.com/traefik/traefik/v2(Go) | 2.9.0-rc1 | 2.9.0-rc5 | N/A |
CVSS Metrics
