| id: GO-2024-3135 |
| modules: |
| - module: github.com/traefik/traefik |
| vulnerable_at: 1.7.34 |
| - module: github.com/traefik/traefik/v2 |
| versions: |
| - fixed: 2.11.9 |
| vulnerable_at: 2.11.8 |
| - module: github.com/traefik/traefik/v3 |
| versions: |
| - introduced: 3.0.0-beta3 |
| - fixed: 3.1.3 |
| vulnerable_at: 3.1.2 |
| summary: HTTP client can manipulate custom HTTP headers that are added by Traefik in github.com/traefik/traefik |
| cves: |
| - CVE-2024-45410 |
| ghsas: |
| - GHSA-62c8-mh53-4cqv |
| references: |
| - advisory: https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-45410 |
| - fix: https://github.com/traefik/traefik/commit/584144100524277829f26219baaab29a53b8134f |
| - web: https://github.com/traefik/traefik/releases/tag/v2.11.9 |
| - web: https://github.com/traefik/traefik/releases/tag/v3.1.3 |
| source: |
| id: GHSA-62c8-mh53-4cqv |
| created: 2024-09-26T14:14:07.271684-04:00 |
| review_status: UNREVIEWED |
