vulnerability
FreeBSD: VID-767DFB2D-3C9E-11EF-A829-5404A68AD561 (CVE-2024-39321): traefik -- Bypassing IP allow-lists via HTTP/3 early data requests
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | 07/02/2024 | 07/08/2024 | 02/18/2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
07/02/2024
Added
07/08/2024
Modified
02/18/2025
Description
Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available.
Solution
freebsd-upgrade-package-traefik
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.