PT-2021-19947 · Traefik +1
Lowemilevauge
Published 2021-08-03 · Updated 2024-08-21 · CVE-2021-32813
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.4.13

Description: The issue concerns Traefik's handling of the Connection header, which can cause request headers to be dropped before they reach the backend. Active exploitation is unlikely, because it requires the removed header to lead to a privilege escalation; the Traefik team has nevertheless fixed the issue to prevent any potential abuse. If a chain of Traefik middlewares is used and one of them sets a request header, a request carrying a Connection header that names that request header causes it to be removed before the request is forwarded, so the backend never sees the header the middleware set.

Recommendations: For Traefik versions prior to 2.4.13, upgrade to version 2.4.13 to resolve the issue. As a temporary measure, avoid relying on request headers that a client could name in a Connection header until the patch is applied. There are no known workarounds aside from upgrading to the patched version.
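The ordering problem the description refers to, as an added simulation that is not Traefik's code: hop-by-hop headers listed in Connection are removed from a request, and whether that removal happens before or after the middleware chain decides whether a middleware-set header survives. The middleware, the X-Forwarded-User header and the "remove before middlewares" ordering of the fix are assumptions for this example.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// removeConnectionHeaders drops every header named in Connection (hop-by-hop
// semantics, RFC 7230 section 6.1) and then Connection itself.
func removeConnectionHeaders(h http.Header) {
	for _, v := range h.Values("Connection") {
		for _, name := range strings.Split(v, ",") {
			h.Del(strings.TrimSpace(name))
		}
	}
	h.Del("Connection")
}

// forwardVulnerable models the ordering the advisory describes: the middleware
// chain runs first and hop-by-hop removal happens only when the request is
// sent, so a client-chosen Connection value strips a header a middleware set.
func forwardVulnerable(h http.Header, chain []func(http.Header)) http.Header {
	out := h.Clone()
	for _, m := range chain {
		m(out)
	}
	removeConnectionHeaders(out)
	return out
}

// forwardFixed applies the client's Connection directives before any
// middleware runs (the ordering assumed here for the 2.4.13 fix).
func forwardFixed(h http.Header, chain []func(http.Header)) http.Header {
	out := h.Clone()
	removeConnectionHeaders(out)
	for _, m := range chain {
		m(out)
	}
	return out
}

func main() {
	// Constructed request and a hypothetical middleware that injects a user header.
	req := http.Header{"Connection": {"close, X-Forwarded-User"}}
	chain := []func(http.Header){func(h http.Header) { h.Set("X-Forwarded-User", "alice") }}
	fmt.Println("vulnerable ordering:", forwardVulnerable(req, chain).Get("X-Forwarded-User"))
	fmt.Println("fixed ordering:", forwardFixed(req, chain).Get("X-Forwarded-User"))
}
```

The same check, run against a real deployment by having the backend log the headers it receives, tells you whether the proxy in front of it still has the vulnerable ordering.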

Related Identifiers

ALT-PU-2021-2553
ALT-PU-2021-2617
ALT-PU-2022-1253
CVE-2021-32813
ECHO-EF09-14AB-A33B
GHSA-M697-4V8F-55QG
GO-2022-0923

Affected Products

Alt Linux
Traefik