CVE-2022-39271
published 2022-10-11

Priority: P337, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.02% (58.9th percentile)
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds.

Affected

6 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | traefik_traefik_v2 | >= 0 < 2.8.8 | 2.8.8 |
| github.com | traefik_traefik_v2 | >= 2.9.0-rc1 < 2.9.0-rc5 | 2.9.0-rc5 |
| traefik | traefik | < 2.8.8 | 2.8.8 |
| traefik | traefik | | |
| traefik | traefik | | |
| traefik | traefik | | |

CVSS provenance

nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_oracle: 7.5 HIGH