Affected by GO-2025-3627 and 18 other vulnerabilities
GO-2025-3627: Traefik affected by Go HTTP Request Smuggling Vulnerability in github.com/traefik/traefik
GO-2025-3634: Traefik has a possible vulnerability with the path matchers in github.com/traefik/traefik
GO-2025-3719: Traefik allows path traversal using url encoding in github.com/traefik/traefik
GO-2025-3835: Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution in github.com/traefik/traefik
GO-2025-4205: Traefik Inverted TLS Verification Logic in ingress-nginx Provider in github.com/traefik/traefik
GO-2025-4206: Path Normalization Bypass in Traefik Router + Middleware Rules in github.com/traefik/traefik
GO-2026-4322: Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik
GO-2026-4484: Traefik: TCP readTimeout bypass via STARTTLS on Postgres in github.com/traefik/traefik
GO-2026-4530: Traefik affected by TLS ClientAuth Bypass on HTTP/3 in github.com/traefik/traefik
GO-2026-4593: Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS in github.com/traefik/traefik
GO-2026-4594: Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS) in github.com/traefik/traefik
GO-2026-4597: traefik CVE-2024-45410 fix bypass: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`) in github.com/traefik/traefik
GO-2026-4679: Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values in github.com/traefik/traefik
GO-2026-4684: Traefik: HTTP/2 frames can cause a running server to panic in github.com/traefik/traefik
GO-2026-4792: Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration in github.com/traefik/traefik
GO-2026-4793: Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config in github.com/traefik/traefik
GO-2026-4880: Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass in github.com/traefik/traefik
GO-2026-4893: Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField in github.com/traefik/traefik
GO-2026-4897: Traefik: Deny Rule Bypass via Unauthenticated Malicious gRPC Requests in gRPC-Go Dependency (CVE-2026-33186) in github.com/traefik/traefik