CVE-2021-32813

MEDIUM

Traefik <2.4.13 - Info Disclosure

Title source: llm

Description

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse. If one has a chain of Traefik middlewares, and one of them sets a request header, then sending a request with a certain Connection header will cause it to be removed before the request is sent. In this case, the backend does not see the request header. A patch is available in version 2.4.13. There are no known workarounds aside from upgrading.

References (3)

[Third Party Advisory] https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg

[Patch, Third Party Advisory] https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9

[Third Party Advisory] https://github.com/traefik/traefik/releases/tag/v2.4.13

Scores

CVSS v3 4.8

EPSS 0.0038

EPSS Percentile 59.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-913

Status published

Products (3)

traefik/traefik < 2.4.13

traefik/traefik 0Go

traefik/traefik 0 - 2.4.13Go

Published Aug 03, 2021

Tracked Since Feb 18, 2026