Hi, can you please confirm if Traefik v2 is affected by the following Go CVEs and what version should be used to have these fixed:
- net/http, net/textproto: denial of service from excessive memory allocation
This is CVE-2023-24534 and Go issue net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534) · Issue #58975 · golang/go · GitHub
- net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
This is CVE-2023-24536 and Go issue net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536) · Issue #59153 · golang/go · GitHub
Both issues are fixed starting Go versions 1.20.3 and 1.19.8.
Thanks! Best Regards, Felix