Skip to content

Fix CVE-2023-45288 - HTTP/2 CONTINUATION flood in net/http

Moderate
nmengin published GHSA-7f4j-64p6-5h5v Apr 15, 2024

Package

gomod Traefik (Go)

Affected versions

<= v2.11.1, <= v3.0.0-rc4

Patched versions

v2.11.2, v3.0.0-rc5

Description

There is a potential vulnerability in Traefik managing HTTP/2 connections.

More details in the CVE-2023-45288.

Patches

Workarounds

No workaround

For more information

If you have any questions or comments about this advisory, please open an issue.

Severity

Moderate

CVE ID

CVE-2023-45288

Weaknesses

No CWEs

Credits