Allocation of Resources Without Limits or Throttling Affecting github.com/traefik/traefik/v2/pkg/api package, versions <2.11.2
Threat Intelligence
EPSS
0.04% (14th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMTRAEFIKTRAEFIKV2PKGAPI-6615846
- published 16 Apr 2024
- disclosed 10 Jan 2024
- credit Bartek Nowotarski
Introduced: 10 Jan 2024
CVE-2023-45288 Open this link in a new tabHow to fix?
Upgrade github.com/traefik/traefik/v2/pkg/api to version 2.11.2 or higher.
Overview
github.com/traefik/traefik/v2/pkg/api is an API package for traefik.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.
References
CVSS Scores
version 3.1