Vulnerability Reporttraefik/whoami:v1.10.0

traefik/whoami:v1.10.0

DIGESTsha256:31c5ef6feeacb10047b76fab98cf4a34c9a82a3772da42fca31ddb71debb9080

Executive Summary

Threat ScoreCAUTION• 51 exposed vulnerabilities, including CVE-2023-45288 (CVSS 7.8) enabling HTTP/2 DoS, and three medium-high severity issues (CVE-2025-61726, CVE-2026-25679, CVE-2023-39325) with CVSS ≥6.0.• Vulnerabilities like CVE-2025-61726 and CVE-2026-25679 are directly reachable via URL parsing, posing denial-of-service risk without special configuration.• Image has high community reputation (37M+ pulls, score 90) and is pinned by digest, but lacks official verification.• No high-severity post-exploit vulnerabilities, limiting lateral movement risk.• Pre-calculated threat score of 50 reinforces that caution is required.

50/100CAUTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (37M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause denial of service by exploiting URL parsing vulnerabilities (CVE-2025-61726, CVE-2026-25679) or HTTP/2 flaws (CVE-2023-45288) if enabled. Disabling HTTP/2 entirely eliminates the highest-severity finding, and updating to a patched Go standard library would resolve the URL parsing issues. Note: CVE-2023-45288 is only exploitable if HTTP/2 is enabled, which is not the default in this image. Despite the image's high reputation and popularity, the vulnerability count warrants caution.

Vulnerabilities

Vulnerability Log

66 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2023-45288	HIGH7.8	stdlib v1.20.5 fixed in 1.21.9, 1.22.2	92.0% Actively Exploited	Directly ExposedContext importance: MEDIUM
CVE-2025-61726	MEDIUM6.38	stdlib v1.20.5 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-25679	MEDIUM6.38	stdlib v1.20.5 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2023-39325	MEDIUM6	stdlib v1.20.5 fixed in 1.20.10, 1.21.3	3.8% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-24791	MEDIUM5.9	stdlib v1.20.5 fixed in 1.21.12, 1.22.5	1.4% Low-Moderate Risk	Directly Exposed
CVE-2024-34158	MEDIUM5.9	stdlib v1.20.5 fixed in 1.22.7, 1.23.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2025-4673	MEDIUM5.78	stdlib v1.20.5 fixed in 1.23.10, 1.24.4	0.6% Theoretical Threat	Directly Exposed
CVE-2024-24785	MEDIUM5.52	stdlib v1.20.5 fixed in 1.21.8, 1.22.1	0.8% Theoretical Threat	Directly Exposed
CVE-2025-47906	MEDIUM5.52	stdlib v1.20.5 fixed in 1.23.12, 1.24.6	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61727	MEDIUM5.52	stdlib v1.20.5 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.20.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2024-24784	MEDIUM5.4	stdlib v1.20.5 fixed in 1.21.8, 1.22.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2023-29409	MEDIUM5.3	stdlib v1.20.5 fixed in 1.19.12, 1.20.7, 1.21.0-rc.4	1.3% Low-Moderate Risk	Directly Exposed
CVE-2023-39326	MEDIUM5.3	stdlib v1.20.5 fixed in 1.20.12, 1.21.5	1.2% Low-Moderate Risk	Directly Exposed
CVE-2023-45289	MEDIUM5.3	stdlib v1.20.5 fixed in 1.21.8, 1.22.1	1.1% Low-Moderate Risk	Directly Exposed
CVE-2023-45290	MEDIUM5.3	stdlib v1.20.5 fixed in 1.21.8, 1.22.1	1.2% Low-Moderate Risk	Directly Exposed
CVE-2023-39318	MEDIUM5.18	stdlib v1.20.5 fixed in 1.20.8, 1.21.1	0.8% Theoretical Threat	Directly Exposed
CVE-2023-39319	MEDIUM5.18	stdlib v1.20.5 fixed in 1.20.8, 1.21.1	0.8% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.20.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-68121	MEDIUM5.1	stdlib v1.20.5 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly Exposed
CVE-2024-24783	MEDIUM5.02	stdlib v1.20.5 fixed in 1.21.8, 1.22.1	0.7% Theoretical Threat	Directly Exposed
CVE-2024-34155	MEDIUM5.02	stdlib v1.20.5 fixed in 1.22.7, 1.23.1	0.8% Theoretical Threat	Directly Exposed
CVE-2024-45336	MEDIUM5.02	stdlib v1.20.5 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.6% Theoretical Threat	Directly Exposed
CVE-2024-24789	MEDIUM4.67	stdlib v1.20.5 fixed in 1.21.11, 1.22.4	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.20.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22871	MEDIUM4.59	stdlib v1.20.5 fixed in 1.23.8, 1.24.2	0.7% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.20.5 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2023-45284	MEDIUM4.5	stdlib v1.20.5 fixed in 1.20.11, 1.21.4	0.9% Theoretical Threat	Directly Exposed
CVE-2025-22866	MEDIUM4.5	stdlib v1.20.5 fixed in 1.22.12, 1.23.6, 1.24.0-rc.3	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22873	MEDIUM4.5	stdlib v1.20.5 fixed in 1.23.9, 1.24.3	0.2% Theoretical Threat	Directly Exposed
CVE-2025-47912	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58185	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58187	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.9, 1.25.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58188	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58189	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61723	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61724	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61725	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	MEDIUM4.5	stdlib v1.20.5 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58186	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-22870	LOW3.74	stdlib v1.20.5 fixed in 1.23.7, 1.24.1	0.4% Theoretical Threat	Directly Exposed
CVE-2024-45341	LOW3.57	stdlib v1.20.5 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.4% Theoretical Threat	Directly Exposed
CVE-2024-24790	LOW3.53	stdlib v1.20.5 fixed in 1.21.11, 1.22.4	2.0% Low-Moderate Risk	Post-Exploit
CVE-2023-45283	LOW2.7	stdlib v1.20.5 fixed in 1.20.11, 1.21.4, 1.20.12, 1.21.5	2.8% Low-Moderate Risk	Post-Exploit
CVE-2024-34156	LOW2.7	stdlib v1.20.5 fixed in 1.22.7, 1.23.1	1.1% Low-Moderate Risk	Post-Exploit
CVE-2023-29406	LOW2.34	stdlib v1.20.5 fixed in 1.19.11, 1.20.6	1.3% Low-Moderate Risk	Post-Exploit
CVE-2025-61729	LOW2.29	stdlib v1.20.5 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Post-Exploit
CVE-2026-32280	LOW2.29	stdlib v1.20.5 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Post-Exploit
CVE-2026-32281	LOW2.29	stdlib v1.20.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Post-Exploit
CVE-2026-32283	LOW2.29	stdlib v1.20.5 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Post-Exploit
CVE-2026-33811	LOW2.29	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Post-Exploit
CVE-2026-33814	LOW2.29	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2026-39820	LOW2.29	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2025-58183	LOW2.29	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Post-Exploit
CVE-2025-61728	LOW2.29	stdlib v1.20.5 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Post-Exploit
CVE-2025-47907	LOW2.14	stdlib v1.20.5 fixed in 1.23.12, 1.24.6	0.3% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.20.5 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-39823	NONE0	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.20.5 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2025-0913	NONE0	stdlib v1.20.5 fixed in 1.23.10, 1.24.4	0.2% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.20.5 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable