High severityNVD Advisory· Published Oct 11, 2022· Updated Apr 23, 2025
Traefik HTTP/2 connections management could cause a denial of service
CVE-2022-39271
Description
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/traefik/traefik/v2Go | < 2.8.8 | 2.8.8 |
github.com/traefik/traefik/v2Go | >= 2.9.0-rc1, < 2.9.0-rc5 | 2.9.0-rc5 |
Affected products
2Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.