Traefik · Traefik · CVE-2024-45410
Name of the Vulnerable Software and Affected Versions:
Traefik versions prior to 2.11.9
Traefik versions prior to 3.1.3
Description:
Traefik adds custom HTTP headers such as `X-Forwarded-Host` and `X-Forwarded-Port` to the requests it forwards to backends. Under HTTP/1.1, a client can declare any request header hop-by-hop by naming it in the HTTP `Connection` header, and a proxy then strips that header before forwarding. An HTTP client can use this behavior to have the headers Traefik adds removed or modified, which has security implications because the backend application trusts the values of these headers. The attack relies entirely on this HTTP/1.1 behavior.
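The mitigation a proxy needs is to sanitize the client-supplied `Connection` header before any hop-by-hop processing runs, so a client cannot declare the proxy's own trusted headers hop-by-hop. The following Go middleware is an added example written for this advisory; it is not Traefik's code or its fix, and the list of protected header names, the `ForwardedHeaders` middleware and the constructed request in `main` are assumptions made for illustration. The ordering matters: in Go's standard library, `httputil.ReverseProxy` drops any request header named in `Connection` before sending upstream, so the sanitizer must run ahead of the forwarding step.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// protectedHeaders lists headers the proxy sets and the backend trusts; a
// client must never be able to mark them hop-by-hop (hypothetical list).
var protectedHeaders = map[string]bool{
	"x-forwarded-host":  true,
	"x-forwarded-port":  true,
	"x-forwarded-for":   true,
	"x-forwarded-proto": true,
	"x-real-ip":         true,
}

// SanitizeConnection rewrites the Connection header so that it no longer names
// any protected header. It returns the tokens it removed so they can be logged
// or alerted on; a request carrying such tokens is worth a detection rule.
func SanitizeConnection(h http.Header) []string {
	var stripped, kept []string
	for _, v := range h.Values("Connection") {
		for _, tok := range strings.Split(v, ",") {
			tok = strings.TrimSpace(tok)
			if tok == "" {
				continue
			}
			if protectedHeaders[strings.ToLower(tok)] { // header names are case-insensitive
				stripped = append(stripped, tok)
				continue
			}
			kept = append(kept, tok)
		}
	}
	if len(kept) == 0 {
		h.Del("Connection")
	} else {
		h.Set("Connection", strings.Join(kept, ", "))
	}
	return stripped
}

// ForwardedHeaders sanitizes Connection first, then sets X-Forwarded-Host and
// X-Forwarded-Port from the request actually received, overwriting whatever
// the client sent in those headers.
func ForwardedHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if s := SanitizeConnection(r.Header); len(s) > 0 {
			log.Printf("client tried to mark protected headers hop-by-hop: %v", s)
		}
		_, port, err := net.SplitHostPort(r.Host)
		if err != nil { // Host carried no explicit port: infer it from the scheme
			port = "80"
			if r.TLS != nil {
				port = "443"
			}
		}
		r.Header.Set("X-Forwarded-Host", r.Host)
		r.Header.Set("X-Forwarded-Port", port)
		next.ServeHTTP(w, r)
	})
}

// BackendView returns the headers a backend handler would receive for req
// after ForwardedHeaders has run; used by the demo and by tests.
func BackendView(req *http.Request) http.Header {
	var seen http.Header
	h := ForwardedHeaders(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen = r.Header.Clone()
	}))
	h.ServeHTTP(httptest.NewRecorder(), req)
	return seen
}

func main() {
	// Constructed request modelled on the advisory: Connection names the
	// proxy's X-Forwarded-* headers, and a client-chosen X-Forwarded-Host rides along.
	req := httptest.NewRequest("GET", "http://app.example.test:8443/admin", nil)
	req.Header.Set("Connection", "close, X-Forwarded-Host, x-forwarded-port")
	req.Header.Set("X-Forwarded-Host", "spoofed.example")
	seen := BackendView(req)
	fmt.Println("Connection:      ", seen.Get("Connection"))       // close
	fmt.Println("X-Forwarded-Host:", seen.Get("X-Forwarded-Host")) // app.example.test:8443
	fmt.Println("X-Forwarded-Port:", seen.Get("X-Forwarded-Port")) // 8443
}
```

Because `SanitizeConnection` returns the stripped tokens, the same function doubles as a detector: logging or counting requests whose `Connection` header names `X-Forwarded-*` gives a cheap signal that someone is probing for this class of weakness against a proxy that has not yet been upgraded.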
Recommendations:
For Traefik versions prior to 2.11.9, upgrade to version 2.11.9 or later.
For Traefik versions prior to 3.1.3, upgrade to version 3.1.3 or later.
As a temporary workaround, until the patched version can be deployed, consider restricting access to the affected `X-Forwarded-Host` and `X-Forwarded-Port` headers.
Until the issue is resolved, avoid relying on the `Connection` header to define hop-by-hop headers for the affected API endpoints.