First published: Tue Jun 11 2024(Updated: )
### Impact There is a vulnerability in [Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses](https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ). They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms. ### References - [CVE-2024-24790](https://www.cve.org/CVERecord?id=CVE-2024-24790) ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.4 - https://github.com/traefik/traefik/releases/tag/v3.0.2 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).
Affected Software | Affected Version | How to fix |
---|---|---|
go/github.com/traefik/traefik | <2.11.4 | 2.11.4 |
go/github.com/traefik/traefik/v2 | <2.11.4 | 2.11.4 |
go/github.com/traefik/traefik/v3 | >=3.0.0-beta3<3.0.2 | 3.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.