GHSA-3wqc-mwfx-672p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3wqc-mwfx-672p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-3wqc-mwfx-672p/GHSA-3wqc-mwfx-672p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3wqc-mwfx-672p
- Aliases
- Published
- 2025-04-18T19:32:23Z
- Modified
- 2025-04-18T19:59:21.653342Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability
- Details
-
Summary
We have encountered a security vulnerability being reported by our scanners for Traefik 2.11.22. - https://security.snyk.io/vuln/SNYK-CHAINGUARDLATEST-TRAEFIK33-9403297
Details
It seems to target oauth2/jws library.
PoC
No steps to replicate this vulnerability
Impact
We have a strict control on security and we always try to stay up-to-date with the fixes received for third-party solutions.
Patches
- https://github.com/traefik/traefik/releases/tag/v2.11.24
- https://github.com/traefik/traefik/releases/tag/v3.3.6
- https://github.com/traefik/traefik/releases/tag/v3.4.0-rc2
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-1286" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2025-04-18T19:32:23Z" }- References
-
- https://github.com/traefik/traefik/security/advisories/GHSA-3wqc-mwfx-672p
- https://github.com/traefik/traefik
- https://github.com/traefik/traefik/releases/tag/v2.11.24
- https://github.com/traefik/traefik/releases/tag/v3.3.6
- https://github.com/traefik/traefik/releases/tag/v3.4.0-rc2
- https://security.snyk.io/vuln/SNYK-CHAINGUARDLATEST-TRAEFIK33-9403297
Affected packages
Go / github.com/traefik/traefik/v3
Package
- Name
- github.com/traefik/traefik/v3
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/traefik/traefik/v3
Go / github.com/traefik/traefik/v2
Package
- Name
- github.com/traefik/traefik/v2
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/traefik/traefik/v2
Go / github.com/traefik/traefik/v3
Package
- Name
- github.com/traefik/traefik/v3
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/traefik/traefik/v3