CNNVD-202508-116 Information
CNNVD ID
CNNVD-202508-116
Related CVE
- CNNVD Published: 2025-08-02
Description (Chinese)
Traefik是Traefik开源的一款开源的反向代理与负载均衡工具。 Traefik 2.11.27及之前版本、3.0.0至3.4.4版本和3.5.0-rc1版本存在安全漏洞,该漏洞源于WASM插件安装机制存在路径遍历,可能导致任意文件覆盖。
Description (English)
Traefik is an open source counter-agent and load balancing tool for Traefik open source. Traefik 2.11.27 and previous versions, 3.0.0 to 3.4.4 and 3.5.0-rc1 contain a security loophole that stems from the routing of the installation mechanism of the WASM plugin, which may result in arbitrary document coverage.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Traefik
Published
2025-08-02
Last Modified
2026-02-24
References
https://github.com/traefik/plugin-service/pull/71 https://github.com/traefik/plugin-service/pull/72 https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800 https://github.com/traefik/traefik/pull/11911 https://github.com/traefik/traefik/releases/tag/v2.11.28 https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg
Patch
https://github.com/traefik/traefik/releases
Share on: