Traefik · Traefik · CVE-2024-52003
**Name of the Vulnerable Software and Affected Versions**
Traefik versions prior to 2.11.14
Traefik versions prior to 3.2.1
**Description**
Traefik accepts the `X-Forwarded-Prefix` header from untrusted clients. The Traefik API dashboard component tries to validate that the header value is a site-relative path, but an attacker can bypass that check with a crafted value; the bypass defeats the validation and can potentially lead to cache poisoning.
**Recommendations**
For Traefik versions prior to 2.11.14, update to version 2.11.14 or later.
For Traefik versions prior to 3.2.1, update to version 3.2.1 or later.
As a temporary workaround, consider stripping or restricting the `X-Forwarded-Prefix` header on requests from untrusted sources to minimize the risk of exploitation.
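The two defensive measures the advisory describes (validating that the header value is a site-relative path, and dropping the header when it comes from an untrusted source) can be illustrated with a small Go HTTP middleware. This is an added example, not Traefik's own code, and its check is a deliberately strict, hypothetical one: it requires a single leading `/`, rejects scheme-relative `//` values, backslashes, control characters, `?`/`#`, and any `..` segment. The `trusted` callback and the sample header values are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"path"
	"strings"
)

// IsSiteRelativePath is a hypothetical strict check (not Traefik's): the value
// must be a path anchored at this site, i.e. exactly one leading "/" followed
// by a clean path with no traversal and nothing that could be read as a new
// origin, query or fragment.
func IsSiteRelativePath(v string) bool {
	if v == "" || !strings.HasPrefix(v, "/") {
		return false
	}
	// "//host/..." is scheme-relative: browsers resolve it to a different origin.
	if strings.HasPrefix(v, "//") {
		return false
	}
	for _, r := range v {
		// Reject control characters, backslashes (treated as "/" by some clients),
		// and query/fragment delimiters that do not belong in a prefix.
		if r < 0x20 || r == 0x7f || r == '\\' || r == '?' || r == '#' {
			return false
		}
	}
	// Refuse any ".." segment and confirm normalisation keeps the path anchored.
	if strings.Contains(v, "..") || !strings.HasPrefix(path.Clean(v), "/") {
		return false
	}
	return true
}

// SanitizeForwardedPrefix wraps a handler. When the request is not from a
// trusted source the header is removed outright (the advisory's workaround);
// when it is trusted the header is kept only if it passes IsSiteRelativePath.
func SanitizeForwardedPrefix(next http.Handler, trusted func(r *http.Request) bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		v := r.Header.Get("X-Forwarded-Prefix")
		if v != "" && (!trusted(r) || !IsSiteRelativePath(v)) {
			r.Header.Del("X-Forwarded-Prefix")
		}
		next.ServeHTTP(w, r)
	})
}

// EffectivePrefix sends a constructed request carrying the given header value
// through the middleware and returns what the downstream handler observed
// ("" when the header was stripped).
func EffectivePrefix(value string, trusted bool) string {
	var seen string
	h := SanitizeForwardedPrefix(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen = r.Header.Get("X-Forwarded-Prefix")
	}), func(*http.Request) bool { return trusted })
	req := httptest.NewRequest(http.MethodGet, "/dashboard/", nil)
	if value != "" {
		req.Header.Set("X-Forwarded-Prefix", value)
	}
	h.ServeHTTP(httptest.NewRecorder(), req)
	return seen
}

func main() {
	// Constructed sample values: a plain prefix, a scheme-relative value,
	// a traversal attempt, and a plain prefix from an untrusted client.
	cases := []struct {
		v       string
		trusted bool
	}{
		{"/app", true},
		{"//example.org", true},
		{"/a/../../b", true},
		{"/app", false},
	}
	for _, c := range cases {
		fmt.Printf("%-16q trusted=%-5v -> %q\n", c.v, c.trusted, EffectivePrefix(c.v, c.trusted))
	}
}
```

In a deployment the `trusted` callback would be backed by an allow-list of reverse-proxy addresses; anything not on it has the header dropped before the request reaches the dashboard, which is the same effect as removing the header at the edge. Logging the cases where a value is rejected gives a useful detection signal while the upgrade is pending.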