Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:golang/github.com/traefik/traefik/v3@3.0.2
Typegolang
Namespacegithub.com/traefik/traefik
Namev3
Version3.0.2
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.0.3
Latest_non_vulnerable_version3.7.3
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-cgdu-5wed-pfda
vulnerability_id VCID-cgdu-5wed-pfda
summary 
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses
### Impact

There is a vulnerability in [Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses](https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ).

They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms.

### References

- [CVE-2024-24790](https://www.cve.org/CVERecord?id=CVE-2024-24790)

### Patches

- https://github.com/traefik/traefik/releases/tag/v2.11.4
- https://github.com/traefik/traefik/releases/tag/v3.0.2

### Workarounds

No workaround.

### For more information

If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).
references
0
reference_url https://github.com/traefik/traefik
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/traefik/traefik
1
reference_url https://github.com/traefik/traefik/releases/tag/v2.11.4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/traefik/traefik/releases/tag/v2.11.4
2
reference_url https://github.com/traefik/traefik/releases/tag/v3.0.2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/traefik/traefik/releases/tag/v3.0.2
3
reference_url https://github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx
4
reference_url https://pkg.go.dev/vuln/GO-2024-2917
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2024-2917
5
reference_url https://www.cve.org/CVERecord?id=CVE-2024-24790
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.cve.org/CVERecord?id=CVE-2024-24790
fixed_packages
0
url pkg:golang/github.com/traefik/traefik/v3@3.0.2
purl pkg:golang/github.com/traefik/traefik/v3@3.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/traefik/traefik/v3@3.0.2
aliases GHSA-7jmw-8259-q9jx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cgdu-5wed-pfda
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:golang/github.com/traefik/traefik/v3@3.0.2