Уязвимость CVE-2024-28869: Информация
Описание
Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.
Опубликовано: 13 апреля 2024 г.
Изменено: 15 апреля 2024 г.
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
---|---|---|---|---|---|---|
traefik | sisyphus | 2.11.2-alt1 | 2.11.3-alt1 | ALT-PU-2024-7595-1 | 347710 | Исправлено |
traefik | sisyphus_riscv64 | 2.11.2-alt2 | 2.11.3-alt1 | ALT-PU-2024-7679-1 | - | Исправлено |
traefik | sisyphus_loongarch64 | 2.11.2-alt2 | 2.11.3-alt1 | ALT-PU-2024-7629-1 | - | Исправлено |
traefik | p11 | 2.11.2-alt1 | 2.11.3-alt1 | ALT-PU-2024-7595-1 | 347710 | Исправлено |