CVE-2024-39321
published 2024-07-05

CVE-2024-39321: Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists…

Priority: P3 (44), high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS: 0.59% (43.9th percentile)

Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | traefik_traefik_v2 | >= 0 < 2.11.6 | 2.11.6 |
| github.com | traefik_traefik_v3 | >= 3.0.0-beta3 < 3.0.4 | 3.0.4 |
| github.com | traefik_traefik_v3 | >= 3.1.0-rc1 < 3.1.0-rc3 | 3.1.0-rc3 |
| traefik | traefik | < 2.11.6 | 2.11.6 |
| traefik | traefik | | |
| traefik | traefik | | |
| traefik | traefik | | |
| traefik | traefik | >= 3.0.0 < 3.0.4 | 3.0.4 |

CVSS provenance

nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
vendor_redhat: 7.5 HIGH