Containous Traefik vulnerabilities
2 known vulnerabilities affecting containous/traefik.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2021-27375 | MEDIUM | CVSS 5.3 | CWE-1021 | fixed in 2.4.5 | 2021-02-18
Traefik before 2.4.5 allows the loading of IFRAME elements from other domains.
nvd
CVE-2020-15129 | MEDIUM | CVSS 4.7 | CWE-601 | PoC | fixed in 1.7.26 | v>= 2.0.0, < 2.2.8 | 2020-07-30
In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a site relative path and will redirect to any header provided URI. Successful
cvelistv5, nvd