On September 16, 2024, we patched the following vulnerability with Traefik Proxy 2.11.9 and 3.1.3:
If you have any questions or comments about this vulnerability, please add a comment.
The link provides currently zero information about the vulnerability ("This ID has been reserved"). So it's kind of hard to assess, if we should deploy it immediately.
Hi,
Link is available in release notes on GitHub (Release v2.11.9 · traefik/traefik · GitHub): HTTP client can remove the X-Forwarded headers · Advisory · traefik/traefik · GitHub
Hello @bluepuma77,
Indeed the CVE is not entirely published yet (work in progress on Github side).
I've added the related Github Advisory as described by @kruczjak 