CVE-2023-47633— Uncontrolled Resource Consumption in Traefik
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-47633
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Uncontrolled Resource Consumption in Traefik
Source: NVD (National Vulnerability Database)
Vulnerability Description
Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Containous Traefik 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Containous Traefik是美国Containous公司的一款反向代理和负载平衡器。 Traefik存在资源管理错误漏洞,该漏洞源于允许使用100%CPU。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2023-47633
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-47633
请登录查看更多情报信息。
- https://github.com/traefik/traefik/releases/tag/v2.10.6x_refsource_MISC
- https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5x_refsource_MISC
- https://github.com/traefik/traefik/security/advisories/GHSA-6fwg-jrfw-ff7px_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2023-47633
Same Patch Batch · traefik · 2023-12-04 · 3 CVEs total
| CVE-2023-47124 | 5.9 MEDIUM | Denial of service whith ACME HTTPChallenge in Traefik |
| CVE-2023-47106 | 4.8 MEDIUM | Incorrect processing of fragment in the URL leads to Authorization Bypass in Traefik |
IV. Related Vulnerabilities
Same product: traefik
- CVE-2026-44774
Traefik: Gateway API TraefikService backend accepts rest@int - CVE-2026-41181
Traefik: Errors middleware forwards Authorization and Cookie - CVE-2026-41263
Traefik: BasicAuth middleware: timing side-channel vulnerabi - CVE-2026-40912
Traefik: StripPrefixRegex auth bypass via Path/RawPath desyn - CVE-2026-39858
Traefik: Forwarded alias spoofing top pre-auth decision bypa
Same vendor: traefik
- CVE-2026-44774
Traefik: Gateway API TraefikService backend accepts rest@int - CVE-2026-41181
Traefik: Errors middleware forwards Authorization and Cookie - CVE-2026-41263
Traefik: BasicAuth middleware: timing side-channel vulnerabi - CVE-2026-40912
Traefik: StripPrefixRegex auth bypass via Path/RawPath desyn - CVE-2026-39858
Traefik: Forwarded alias spoofing top pre-auth decision bypa
Same weakness: CWE-400
- CVE-2026-42304
Twisted: Denial of Service (DoS) in twisted.names via Crafte - CVE-2026-44248
Netty: Resource exhaustion in MqttDecoder - CVE-2026-42587
Netty: HttpContentDecompressor maxAllocation bypass via Cont - CVE-2026-42583
Netty: Lz4FrameDecoder resource exhaustion - CVE-2026-44456
Hono: bodyLimit() can be bypassed for chunked / unknown-leng
V. Comments for CVE-2023-47633
No comments yet