Traefik

A vulnerability in Traefik allows an attacker to compromise the confidentiality of data, affecting versions v2.11.x prior to v2.11.44, v3.6.x prior to v3.6.15, and v3.7.0-rc.x prior to v3.7.0-rc.3.

A high-severity authentication bypass vulnerability exists in Traefik's `ForwardAuth` middleware when `trustForwardHeader=false` is configured and Traefik is deployed behind a trusted upstream proxy; Traefik fails to sanitize the `X-Forwarded-Prefix` header, allowing attackers to spoof a trusted prefix value and gain unauthorized access to protected backend routes.