PT-2023-9077 · Traefik

Published 2023-11-28 · Updated 2024-09-09 · CVE-2023-47633

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Traefik versions prior to 2.10.6
Traefik versions prior to 3.0.0-beta5

Description

With the Docker integration in its default configuration, Traefik automatically generates a route for every container it discovers, including its own container. A request whose hostname matches that automatically generated route is therefore proxied by Traefik to itself, which produces an endless loop of requests, drives the Traefik docker container to 100% CPU and can make the server unresponsive. For example, sending a request with a specific hostname using curl -v --resolve "traefik-service:80:xxx.xxx.xxx.xxx" http://traefik-service can make the whole server unresponsive.

Recommendations

For Traefik versions prior to 2.10.6, upgrade to version 2.10.6 or later. For Traefik versions prior to 3.0.0-beta5, upgrade to version 3.0.0-beta5 or later. As a temporary workaround, restrict access to the Docker backend to minimize the risk of exploitation, and avoid using the Docker integration in the default configuration until the issue is resolved.
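The following docker-compose fragment is an added illustration of the temporary workaround above; it is not code from the advisory or from the Traefik project, and the service names, network ports and the whoami backend are assumptions. It pins the fixed version and, instead of the default where the Docker provider exposes every container it sees, opts containers in explicitly and keeps Traefik's own container out of the generated routes so that no route can point back at the proxy itself. This is a hardening consistent with the recommendations, not a description of the upstream fix.

```yaml
# Added example (not from the advisory or the Traefik project).
# Hardened compose fragment: the Docker provider no longer exposes every
# container by default, and Traefik's own container is excluded explicitly.
# Service names and ports are placeholders.
# The weak default is the same file with "--providers.docker.exposedByDefault=false"
# and the "traefik.enable=false" label omitted: Traefik would then also
# generate a Host rule derived from its own container name and could proxy
# requests to itself.
services:
  traefik-service:
    image: traefik:v2.10.6          # fixed version per the recommendations above
    command:
      - --providers.docker=true
      # Weak default: exposedByDefault is true. Set it to false so only
      # containers that carry traefik.enable=true receive routers.
      - --providers.docker.exposedByDefault=false
      - --entrypoints.web.address=:80
    labels:
      # Never let the Docker provider create a route that targets Traefik itself.
      - traefik.enable=false
    volumes:
      # Read-only socket: the provider only needs to list containers.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    ports:
      - "80:80"

  whoami:
    image: traefik/whoami            # assumed example backend; opted in explicitly
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.example.test`)
      - traefik.http.routers.whoami.entrypoints=web
```

With this configuration a request whose Host header names the Traefik container matches no router, so it is answered with 404 instead of being forwarded back to the proxy; only explicitly labelled backends such as the whoami service receive routes. Upgrading to a fixed version remains the primary mitigation.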

Weakness Enumeration

Allocation of Resources Without Limits
Resource Exhaustion

Related Identifiers

ALT-PU-2024-12000
ALT-PU-2024-1254
ALT-PU-2024-1883
ALT-PU-2024-6626
BDU:2024-03430
CVE-2023-47633
ECHO-9ED8-AD9B-E410
GHSA-6FWG-JRFW-FF7P
GO-2023-2377
OPENSUSE-SU-2024:13506-1
OPENSUSE-SU-2024:14076-1

Affected Products

Alt Linux
Traefik