{"id":"CVE-2024-28869","summary":"Possible denial of service vulnerability with Content-length header in Traefik","details":"Traefik is an HTTP reverse proxy and load balancer. In affected versions, sending a GET request to any Traefik endpoint with the \"Content-length\" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in versions 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.\n","aliases":["GHSA-4vwx-54mw-vqfw","GO-2024-2722"],"modified":"2026-04-10T05:11:35.782879Z","published":"2024-04-12T21:08:36.288Z","related":["CGA-rx6f-jpv7-3h4c","openSUSE-SU-2024:13927-1","openSUSE-SU-2024:14076-1"],"database_specific":{"cwe_ids":["CWE-755"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/28xxx/CVE-2024-28869.json"},"references":[{"type":"WEB","url":"https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts"},{"type":"WEB","url":"https://github.com/traefik/traefik/releases/tag/v2.11.2"},{"type":"WEB","url":"https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/28xxx/CVE-2024-28869.json"},{"type":"ADVISORY","url":"https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28869"},{"type":"FIX","url":"https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/traefik/traefik","events":[{"introduced":"0"},{"fixed":"b9b75277620cb6d07c1342aa497323a8fac9cddd"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.11.2"}]}},{"type":"GIT","repo":"https://github.com/traefik/traefik","events":
[{"introduced":"014fdfc4ec55113e130eae498c20aba91fe1406f"},{"fixed":"da7bb5fc25ab21d6a8f5ff6ca44eeaddc47ee210"}],"database_specific":{"versions":[{"introduced":"3.0.0-rc1"},{"fixed":"3.0.0-rc5"}]}}],"versions":["v1.0","v1.0.0","v1.0.0-beta.211","v1.0.0-beta.212","v1.0.0-beta.220","v1.0.0-beta.224","v1.0.0-beta.247","v1.0.0-beta.254","v1.0.0-beta.277","v1.0.0-beta.280","v1.0.0-beta.287","v1.0.0-beta.289","v1.0.0-beta.291","v1.0.0-beta.300","v1.0.0-beta.324","v1.0.0-beta.339","v1.0.0-beta.341","v1.0.0-beta.352","v1.0.0-beta.355","v1.0.0-beta.366","v1.0.0-beta.374","v1.0.0-beta.392","v1.0.0-beta.395","v1.0.0-beta.404","v1.0.0-beta.408","v1.0.0-beta.416","v1.0.0-beta.421","v1.0.0-beta.427","v1.0.0-beta.433","v1.0.0-beta.436","v1.0.0-beta.440","v1.0.0-beta.442","v1.0.0-beta.453","v1.0.0-beta.470","v1.0.0-beta.475","v1.0.0-beta.481","v1.0.0-beta.484","v1.0.0-beta.505","v1.0.0-beta.508","v1.0.0-beta.513","v1.0.0-beta.524","v1.0.0-beta.545","v1.0.0-beta.548","v1.0.0-beta.555","v1.0.0-beta.573","v1.0.0-beta.576","v1.0.0-beta.582","v1.0.0-beta.601","v1.0.0-beta.610","v1.0.0-beta.614","v1.0.0-beta.621","v1.0.0-beta.644","v1.0.0-beta.652","v1.0.0-beta.666","v1.0.0-beta.673","v1.0.0-beta.676","v1.0.0-beta.682","v1.0.0-beta.692","v1.0.0-beta.695","v1.0.0-beta.704","v1.0.0-beta.712","v1.0.0-beta.721","v1.0.0-beta.723","v1.0.0-beta.732","v1.0.0-beta.744","v1.0.0-beta.754","v1.0.0-beta.756","v1.0.0-beta.767","v1.0.0-beta.771","v1.0.0-beta.784","v1.0.0-beta.794","v1.0.0-beta.804","v1.0.0-beta.809","v1.0.0-rc1","v1.0.0-rc2","v1.0.0-rc3","v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185","v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458","v1.0.alpha.157","v1.0.alpha.164","v1.0.alpha.170","v1.0.alpha.171","v1.0.alpha.176","v1.0.alpha.178","v1.0.alpha.182","v1.0.alpha.186","v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e","v1.0.alpha.200","v1.0.alpha.212","v1.0.alpha.215","v1.0.alpha.216","v1.0.alpha.217","v1.0.alpha.228","v1.0.alpha.247","v1.0.alpha.249","v1.0.alpha.250","v1.0
.alpha.251","v1.0.alpha.252","v1.0.alpha.256","v1.0.alpha.257","v1.0.alpha.263","v1.0.alpha.266","v1.0.alpha.267","v1.0.alpha.268","v1.0.alpha.269","v1.0.alpha.270","v1.0.alpha.271","v1.0.alpha.272","v1.0.alpha.273","v1.0.alpha.274","v1.0.alpha.275","v1.0.alpha.285","v1.0.alpha.288","v1.0.alpha.290","v1.0.alpha.291","v1.0.alpha.302","v1.0.alpha.306","v1.0.alpha.311","v1.0.alpha.329","v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d","v1.0.alpha.333","v1.0.alpha.336","v1.0.alpha.338","v1.0.alpha.341","v1.0.alpha.357","v1.0.alpha.358","v1.0.alpha.361","v1.0.alpha.364","v1.0.alpha.367","v1.0.alpha.374","v1.0.alpha.392","v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb","v1.0.alpha.404","v1.0.alpha.412","v1.0.alpha.418","v1.0.alpha.421","v1.0.alpha.425","v1.0.alpha.439","v1.0.alpha.443","v1.0.alpha.450","v1.0.alpha.463","v1.0.alpha.469","v1.0.alpha.471","v1.0.alpha.477","v1.0.alpha.481","v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2","v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e","v1.0.alpha.506","v1.0.alpha.516","v1.0.alpha.522","v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b","v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a","v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30","v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff","v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708","v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05","v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b","v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f","v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb","v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e","v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b","v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d","v1.1.0-rc1","v1.3.0-rc1","v1.4.0-rc1","v1.5.0-rc1","v1.6.0-rc1","v1.7.0-rc1","v2.0.0-alpha1","v2.1.0-rc1","v2.1.0-rc2","v2.10.0","v2.10.0-rc1","v2.10.0-rc2","v2.10.1","v2.10.2","v2.10.3","v2.10.4","v2.10.5","v2.10.6","v2.10.7","v2.11.0","v2.11.0-rc1","v2.11.0-rc2","v2.11.1","v2.2.0-rc1","v
2.2.0-rc2","v2.2.0-rc3","v2.2.0-rc4","v2.3.0-rc1","v2.4.0","v2.4.0-rc1","v2.4.0-rc2","v2.4.1","v2.4.2","v2.4.3","v2.4.4","v2.4.5","v2.4.6","v2.4.7","v2.4.8","v2.5.0-rc1","v2.6.0-rc1","v2.7.0","v2.7.0-rc1","v2.7.0-rc2","v2.8.0-rc1","v2.9.0-rc1","v2.9.0-rc2","v2.9.0-rc3","v2.9.0-rc4","v2.9.0-rc5","v2.9.1","v2.9.2","v2.9.3","v2.9.4","v2.9.5","v2.9.6","v2.9.7","v2.9.8","v3.0.0-rc1","v3.0.0-rc2","v3.0.0-rc3","v3.0.0-rc4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28869.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}