AIKIDO-2025-10499

github.com/traefik/traefik/v2 is vulnerable to Path Traversal

Path Traversal, CVE-2025-54386

Risk score: 73 (High Risk)

This Affects:

Go: github.com/traefik/traefik/v2
Affected versions: 2.3.0 - 2.11.27
Fixed in: 2.11.28

TL;DR

Affected versions of this package contain a directory traversal vulnerability in zip extraction, caused by insufficient sanitization of filenames during archive processing. An attacker can craft a malicious zip archive whose entries carry relative paths that, when extracted, resolve outside the intended destination directory. This allows unauthorized file operations such as overwriting critical system files, exposing sensitive data, or achieving remote code execution by modifying executable files.
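The kind of entry-name containment check whose absence the TL;DR describes, as an added example: this is not Traefik's code or its patch, and `safeJoin`, `planExtraction` and the `/srv/plugins` destination are hypothetical names chosen for illustration.

```go
package main

import (
	"archive/zip"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// safeJoin maps a zip entry name to a path under dest and rejects any name
// whose cleaned result falls outside dest, such as "../../etc/cron.d/job".
func safeJoin(dest, name string) (string, error) {
	root := filepath.Clean(dest)
	target := filepath.Join(root, name) // Join resolves ".." segments
	// Rel, not a plain prefix test: "/srv/plugins-evil" shares a string
	// prefix with "/srv/plugins" but is a sibling, not a child.
	rel, err := filepath.Rel(root, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) {
		return "", fmt.Errorf("zip entry %q escapes %q", name, root)
	}
	return target, nil
}

// planExtraction checks every entry before anything is written and returns
// the on-disk target for each one. One escaping entry rejects the archive.
func planExtraction(zr *zip.Reader, dest string) (map[string]string, error) {
	plan := make(map[string]string, len(zr.File))
	for _, f := range zr.File {
		target, err := safeJoin(dest, f.Name)
		if err != nil {
			return nil, err
		}
		plan[f.Name] = target
	}
	return plan, nil
}

func main() {
	// Constructed entry names, not taken from a real archive.
	for _, name := range []string{"plugin/main.go", "../../etc/cron.d/job"} {
		target, err := safeJoin("/srv/plugins", name)
		fmt.Println(target, err)
	}
}
```

An extractor would write each file only to the path returned in the plan, never to a path built directly from the entry name.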

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

github.com/traefik/traefik/v2 is vulnerable to Path Traversal in versions 2.3.0 - 2.11.27.

How to fix this

Upgrade the github.com/traefik/traefik/v2 library to the patched version, 2.11.28.