CVE-2024-28869

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-28869
Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts Product
https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6 Patch
https://github.com/traefik/traefik/releases/tag/v2.11.2 Release Notes
https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5 Release Notes
https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw Patch Vendor Advisory
https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts Product
https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6 Patch
https://github.com/traefik/traefik/releases/tag/v2.11.2 Release Notes
https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5 Release Notes
https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
cpe:2.3:a:traefik:traefik:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:traefik:traefik:3.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:traefik:traefik:3.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:traefik:traefik:3.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:traefik:traefik:3.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:traefik:traefik:3.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:traefik:traefik:3.0.0:rc4:*:*:*:*:*:*
History

No history.

Information

Published : 2024-04-12 22:15

Updated : 2025-11-26 13:12

NVD link : CVE-2024-28869

Mitre link : CVE-2024-28869

CVE.ORG link : CVE-2024-28869

JSON object : View

Products Affected

traefik

  • traefik
CWE
CWE-755

Improper Handling of Exceptional Conditions