CVE-2021-32813Improper Control of Dynamically-Managed Code Resources in Traefik

CWE-913Improper Control of Dynamically-Managed Code Resources5 documents4 sources
Severity
8.1HIGHNVD
CNA4.8
EPSS
0.4%
top 40.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
TraefikGithub.com Traefik Traefik V2Github.com Traefik Traefik
Timeline
PublishedAug 3
Latest updateAug 21

Description

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse. If one has a chain of Traefik middlewares, and one of them sets a request header, then sending a request with a certain Conn

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages4 packages

CVEListV5traefik/traefik< 2.4.13+1
NVDtraefik/traefik< 2.4.13

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
Header dropping in traefik in github.com/traefik/traefik2024-08-21
GHSA
Header dropping in traefik2021-08-05
OSV
Header dropping in traefik2021-08-05
CVEList
Drop Headers via Malicious Connection Header2021-08-03
CVE-2021-32813 — Traefik vulnerability | cvebase