CVE-2024-52003
PUBLISHED
CVSS 6.3 MEDIUM
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
EPSS 0.24% · 47.5th percentile
Risk Scores
CVSS 4.0
6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.24%
47.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | traefik/traefik/v3 | 0, 0 |
| Traefik | Traefik | |
| github.com | traefik/traefik/v2 | 0, 0 |
| traefik | traefik | < 2.11.14, >= 3.0.0, < 3.2.1, 3.0.0 |
Timeline
- Jan 21, 1970 Fix PR Merged
- Jan 21, 1970 Security Advisory
- Nov 29, 2024 CVE Published
- Nov 30, 2024 EPSS Score
- Dec 18, 2024 EPSS Score
- Jan 1, 2025 Coalition ESS Score
- Jan 4, 2025 EPSS Score
- Jan 21, 2025 EPSS Score
- Feb 7, 2025 EPSS Score
- Feb 24, 2025 EPSS Score
- Mar 13, 2025 EPSS Score
- Mar 19, 2025 Coalition ESS Score
References
- https://github.com/traefik/traefik/security/advisories/GHSA-h924-8g65-j9wg url
- https://github.com/traefik/traefik/pull/11253 url
- https://github.com/traefik/traefik/releases/tag/v2.11.14 url
- https://github.com/traefik/traefik/releases/tag/v3.2.1 url
- https://nvd.nist.gov/vuln/detail/CVE-2024-52003 advisory
- https://github.com/traefik/traefik package