x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-7jmw-8259-q9jx

[GoVulnBot]

In GitHub Security Advisory GHSA-7jmw-8259-q9jx, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/traefik/traefik	2.11.4	< 2.11.4

Cross references:

• Module github.com/traefik/traefik appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2022-23632 #325 EFFECTIVELY_PRIVATE
• Module github.com/traefik/traefik appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-7h6j-2268-fhcm #808 NOT_IMPORTABLE
• Module github.com/traefik/traefik appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2021-32813, GHSA-m697-4v8f-55qg #923 NOT_IMPORTABLE
• Module github.com/traefik/traefik/v3 appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-r3fq-cmmw-cpmm #1919 EFFECTIVELY_PRIVATE
• Module github.com/traefik/traefik/v3 appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-2cjc-rgmp-x649 #1950 EFFECTIVELY_PRIVATE
• Module github.com/traefik/traefik appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-7v4p-328v-8v5g #2117 DEPENDENT_VULNERABILITY
• Module github.com/traefik/traefik appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2023-47106 #2376 EFFECTIVELY_PRIVATE
• Module github.com/traefik/traefik appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik: CVE-2023-47633 #2377 EFFECTIVELY_PRIVATE
• Module github.com/traefik/traefik/v3 appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-8g85-whqh-cr2f #2381 EFFECTIVELY_PRIVATE
• Module github.com/traefik/traefik appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-4vwx-54mw-vqfw #2722
• Module github.com/traefik/traefik/v3 appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-4vwx-54mw-vqfw #2722
• Module github.com/traefik/traefik/v3 appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-7f4j-64p6-5h5v #2726
• Module github.com/traefik/traefik appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-f7cq-5v43-8pwp #2880
• Module github.com/traefik/traefik/v3 appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-f7cq-5v43-8pwp #2880

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/traefik/traefik
      non_go_versions:
        - fixed: 2.11.4
      vulnerable_at: 1.7.34
      packages:
        - package: github.com/traefik/traefik
    - module: github.com/traefik/traefik
      non_go_versions:
        - fixed: 2.11.4
      vulnerable_at: 1.7.34
      packages:
        - package: github.com/traefik/traefik/v2
    - module: github.com/traefik/traefik/v3
      versions:
        - introduced: 3.0.0-beta3
          fixed: 3.0.2
      vulnerable_at: 3.0.1
      packages:
        - package: github.com/traefik/traefik/v3
summary: Traefik has unexpected behavior with IPv4-mapped IPv6 addresses in github.com/traefik/traefik
ghsas:
    - GHSA-7jmw-8259-q9jx
references:
    - advisory: https://github.com/advisories/GHSA-7jmw-8259-q9jx
    - advisory: https://github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx
    - web: https://github.com/traefik/traefik/releases/tag/v2.11.4
    - web: https://github.com/traefik/traefik/releases/tag/v3.0.2
    - web: https://www.cve.org/CVERecord?id=CVE-2024-24790
source:
    id: GHSA-7jmw-8259-q9jx
    created: 2024-06-11T20:01:15.865487714Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/592456 mentions this issue: data/reports: add 19 unreviewed reports

[gopherbot]

Change https://go.dev/cl/592457 mentions this issue: data/reports: add 16 unreviewed reports

[gopherbot]

Change https://go.dev/cl/606359 mentions this issue: data/reports: regenerate 50 reports