Vulnerability Description
Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Traefik | Traefik | < 2.11.6 |
Related Weaknesses (CWE)
References
- https://github.com/traefik/traefik/releases/tag/v2.11.6Release Notes
- https://github.com/traefik/traefik/releases/tag/v3.0.4Release Notes
- https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3Release Notes
- https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9PatchVendor Advisory
- https://github.com/traefik/traefik/releases/tag/v2.11.6Release Notes
- https://github.com/traefik/traefik/releases/tag/v3.0.4Release Notes
- https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3Release Notes
- https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9PatchVendor Advisory
FAQ
What is CVE-2024-39321?
CVE-2024-39321 is a vulnerability with a CVSS score of 7.5 (HIGH). Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RT...
How severe is CVE-2024-39321?
CVE-2024-39321 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-39321?
Check the references section above for vendor advisories and patch information. Affected products include: Traefik Traefik.