更新: 2423 个文件 - 2026-03-18 14:23:01
这个提交包含在:
@@ -0,0 +1,76 @@
|
||||
{
|
||||
"canonical_id": "traefik--GHSA-gv8r-9rw9-9697",
|
||||
"system_id": "traefik",
|
||||
"display_name": "Traefik",
|
||||
"category": "servers",
|
||||
"advisory_mode": "server",
|
||||
"title": "Traefik affected by TLS ClientAuth Bypass on HTTP/3",
|
||||
"summary": "### Summary\n\nThere is a potential vulnerability in Traefik managing HTTP/3 connections.\n\nMore details in the [CVE-2025-68121](https://nvd.nist.gov/vuln/detail/CVE-2025-68121).\n\n## Patches\n\n- https://github.com/traefik/traefik/releases/tag/v2.11.37\n- https://github.com/traefik/traefik/releases/tag/v3.6.8\n\n## Workarounds\n\nNo workaround\n\n## For more information\n\nIf you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).",
|
||||
"published_at": "2026-02-20T21:14:27Z",
|
||||
"updated_at": "2026-03-13T10:47:38.380633Z",
|
||||
"severity": "low",
|
||||
"cvss_score": 3.1,
|
||||
"exploit_status": "unknown",
|
||||
"source_confidence": "official",
|
||||
"official_source_url": "https://github.com/traefik/traefik/security/advisories/GHSA-gv8r-9rw9-9697",
|
||||
"secondary_source_urls": [
|
||||
"https://github.com/traefik/traefik"
|
||||
],
|
||||
"aliases": [
|
||||
"GO-2026-4530",
|
||||
"GHSA-gv8r-9rw9-9697"
|
||||
],
|
||||
"cve_ids": [],
|
||||
"ghsa_ids": [
|
||||
"GHSA-gv8r-9rw9-9697"
|
||||
],
|
||||
"osv_ids": [
|
||||
"GHSA-gv8r-9rw9-9697",
|
||||
"GO-2026-4530"
|
||||
],
|
||||
"affected_versions": [
|
||||
"introduced=0, last_affected=1.7.34",
|
||||
"introduced=0, fixed<2.11.37",
|
||||
"introduced=0, fixed<3.6.8",
|
||||
"introduced=0"
|
||||
],
|
||||
"fixed_versions": [
|
||||
"2.11.37",
|
||||
"3.6.8"
|
||||
],
|
||||
"package_name": "github.com/traefik/traefik/v3",
|
||||
"render_markdown": false,
|
||||
"case_path": null,
|
||||
"secure_code_topics": [
|
||||
"proxy-trust-boundary",
|
||||
"request-smuggling-boundary",
|
||||
"authz-server-side-recheck",
|
||||
"dependency-upgrade-policy"
|
||||
],
|
||||
"status": "generated",
|
||||
"triage_reasons": [],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"last_verified_at": null,
|
||||
"last_run_id": null,
|
||||
"evidence_bundle": null,
|
||||
"historical_status": null,
|
||||
"latest_status": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
},
|
||||
"repro_profile_id": "authz-bypass-generic",
|
||||
"artifact_mode": "synthetic",
|
||||
"blocked_reason": null,
|
||||
"metadata": {
|
||||
"source_names": [
|
||||
"OSV Traefik"
|
||||
],
|
||||
"source_kinds": [
|
||||
"osv-batch"
|
||||
],
|
||||
"candidate_count": 2
|
||||
}
|
||||
}
|
||||
在新工单中引用
屏蔽一个用户