VYPR
High severityNVD Advisory· Published Oct 11, 2022· Updated Apr 23, 2025

Traefik HTTP/2 connections management could cause a denial of service

CVE-2022-39271

Description

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/traefik/traefik/v2Go
< 2.8.82.8.8
github.com/traefik/traefik/v2Go
>= 2.9.0-rc1, < 2.9.0-rc52.9.0-rc5

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.