Closed
Labels
excluded: DEPENDENT_VULNERABILITY (This vulnerability is downstream of another existing vulnerability report.)
Description
In GitHub Security Advisory GHSA-c6hx-pjc3-7fqr, there is a vulnerability in the following Go packages or modules:
Unit | Fixed | Vulnerable Ranges |
---|---|---|
github.com/traefik/traefik/v2 | 2.9.0-rc5 | >= 2.9.0-rc1, < 2.9.0-rc5 |
See doc/triage.md for instructions on how to triage this report.
```
modules:
  - module: TODO
    versions:
      - introduced: 2.9.0-rc1
        fixed: 2.9.0-rc5
    packages:
      - package: github.com/traefik/traefik/v2
  - module: TODO
    versions:
      - fixed: 2.8.8
    packages:
      - package: github.com/traefik/traefik/v2
description: |
    ### Impact
    There is a potential vulnerability in Traefik managing HTTP/2 connections.
    A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service.
    ### Patches
    Traefik v2.8.x: https://github.com/traefik/traefik/releases/tag/v2.8.8
    Traefik v2.9.x: https://github.com/traefik/traefik/releases/tag/v2.9.0-rc5
    ### Workarounds
    No workaround.
    ### For more information
    If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).
cves:
  - CVE-2022-39271
ghsas:
  - GHSA-c6hx-pjc3-7fqr
```