In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a site relative path and ...
CVSS: 6.1 | AI Score: 4.3 | EPSS: 0.011
CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001