CVE-2021-32813 log

Source
Severity Low
Remote Yes
Type Privilege escalation
Description
Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse. If one has a chain of Traefik middlewares, and one of them sets a request header, then sending a request with a certain Connection header will cause it to be removed before the request is sent. In this case, the backend does not see the request header.
Group Package Affected Fixed Severity Status Ticket
AVG-2252 traefik 2.4.8-1 2.4.13-1 Low Fixed
References
https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg
https://github.com/traefik/traefik/pull/8319
https://github.com/traefik/traefik/commit/b386964abcd3322e9e975a63c8c8e774b9edadcf