CVE-2024-39321
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/07/2024
Last modified:
25/11/2025
Description
Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* | 2.11.6 (excluding) | |
| cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* | 3.0.0 (including) | 3.0.4 (excluding) |
| cpe:2.3:a:traefik:traefik:3.1.0:-:*:*:*:*:*:* | ||
| cpe:2.3:a:traefik:traefik:3.1.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:traefik:traefik:3.1.0:rc2:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/traefik/traefik/releases/tag/v2.11.6
- https://github.com/traefik/traefik/releases/tag/v3.0.4
- https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3
- https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9
- https://github.com/traefik/traefik/releases/tag/v2.11.6
- https://github.com/traefik/traefik/releases/tag/v3.0.4
- https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3
- https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9