-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe provided data indicates the vulnerability stems from Azure Identity Libraries and a race condition (CWE-362), but no specific vulnerable functions in Traefik's codebase are explicitly identified. The patches involve updating the go-acme/lego dependency to v4.17.4, suggesting the root cause lies in this library's Azure DNS integration. Without commit diffs, code references, or explicit function names from Traefik's code, we cannot confidently pinpoint vulnerable functions within the Traefik packages themselves. The vulnerability likely resides in the interaction between go-acme/lego and Azure SDKs, but insufficient details prevent high-confidence identification of specific Traefik functions.
GoGo| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/traefik/traefik/v3 | go | <= 3.0.2 | 3.0.3 |
| github.com/traefik/traefik/v2 | go | <= 2.11.4 | 2.11.5 |
Ongoing coverage of React2Shell