Vulnerability Reporttraefik/whoami:v1.10.1

traefik/whoami:v1.10.1

DIGESTsha256:6956a30c7d33f61bb7fdf1c14dcb3192fca4093cd5b91b5f9b38862862072fe9

Executive Summary

Threat ScoreDANGEROUS• High reputation image (37M+ pulls) but severely compromised by 56 vulnerabilities, including 2 with severity >=7.0.• Critical CVE-2023-45288 (severity 9.75) enables remote denial of service via HTTP/2 CONTINUATION frames with active exploitation (EPSS 0.92).• CVE-2024-24790 (severity 7.84) could allow bypass of IP-based security controls due to IPv4-mapped IPv6 address handling flaws.• CVE-2025-61726 (severity 6.38) poses memory exhaustion risk from excessive query parameters, affecting all HTTP requests.• All 10 post-exploit vulnerabilities are low severity (max 2.7), limiting impact after initial compromise.

75/100DANGEROUS

ReputationPOPULAR COMMUNITY• High Reputation Community Image (37M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit CVE-2023-45288 to cause denial of service by sending excessive HTTP/2 frames, and CVE-2024-24790 could allow security control bypass via incorrect IP address classification. The image has 56 vulnerabilities total, with 2 rated high severity. Updating to a patched version of the Go standard library is essential to resolve these critical issues.

Vulnerabilities

Vulnerability Log

66 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2023-45288	CRITICAL9.75	stdlib v1.20.5 fixed in 1.21.9, 1.22.2	92.0% Actively Exploited	Directly ExposedContext importance: HIGH
CVE-2024-24790	HIGH7.84	stdlib v1.20.5 fixed in 1.21.11, 1.22.4	2.0% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-68121	MEDIUM6.8	stdlib v1.20.5 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-61726	MEDIUM6.38	stdlib v1.20.5 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2023-39325	MEDIUM6	stdlib v1.20.5 fixed in 1.20.10, 1.21.3	3.8% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-24791	MEDIUM5.9	stdlib v1.20.5 fixed in 1.21.12, 1.22.5	1.4% Low-Moderate Risk	Directly Exposed
CVE-2024-34158	MEDIUM5.9	stdlib v1.20.5 fixed in 1.22.7, 1.23.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2025-4673	MEDIUM5.78	stdlib v1.20.5 fixed in 1.23.10, 1.24.4	0.6% Theoretical Threat	Directly Exposed
CVE-2024-24785	MEDIUM5.52	stdlib v1.20.5 fixed in 1.21.8, 1.22.1	0.8% Theoretical Threat	Directly Exposed
CVE-2025-47906	MEDIUM5.52	stdlib v1.20.5 fixed in 1.23.12, 1.24.6	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61727	MEDIUM5.52	stdlib v1.20.5 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32282	MEDIUM5.44	stdlib v1.20.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2024-24784	MEDIUM5.4	stdlib v1.20.5 fixed in 1.21.8, 1.22.1	1.0% Low-Moderate Risk	Directly Exposed
CVE-2023-29409	MEDIUM5.3	stdlib v1.20.5 fixed in 1.19.12, 1.20.7, 1.21.0-rc.4	1.3% Low-Moderate Risk	Directly Exposed
CVE-2023-39326	MEDIUM5.3	stdlib v1.20.5 fixed in 1.20.12, 1.21.5	1.2% Low-Moderate Risk	Directly Exposed
CVE-2023-45289	MEDIUM5.3	stdlib v1.20.5 fixed in 1.21.8, 1.22.1	1.1% Low-Moderate Risk	Directly Exposed
CVE-2023-45290	MEDIUM5.3	stdlib v1.20.5 fixed in 1.21.8, 1.22.1	1.2% Low-Moderate Risk	Directly Exposed
CVE-2023-39318	MEDIUM5.18	stdlib v1.20.5 fixed in 1.20.8, 1.21.1	0.8% Theoretical Threat	Directly Exposed
CVE-2023-39319	MEDIUM5.18	stdlib v1.20.5 fixed in 1.20.8, 1.21.1	0.8% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.20.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-61729	MEDIUM5.1	stdlib v1.20.5 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-25679	MEDIUM5.1	stdlib v1.20.5 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32280	MEDIUM5.1	stdlib v1.20.5 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32281	MEDIUM5.1	stdlib v1.20.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32283	MEDIUM5.1	stdlib v1.20.5 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2024-24783	MEDIUM5.02	stdlib v1.20.5 fixed in 1.21.8, 1.22.1	0.7% Theoretical Threat	Directly Exposed
CVE-2024-34155	MEDIUM5.02	stdlib v1.20.5 fixed in 1.22.7, 1.23.1	0.8% Theoretical Threat	Directly Exposed
CVE-2024-45336	MEDIUM5.02	stdlib v1.20.5 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.6% Theoretical Threat	Directly Exposed
CVE-2024-24789	MEDIUM4.67	stdlib v1.20.5 fixed in 1.21.11, 1.22.4	0.4% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.20.5 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22871	MEDIUM4.59	stdlib v1.20.5 fixed in 1.23.8, 1.24.2	0.7% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.20.5 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2023-45284	MEDIUM4.5	stdlib v1.20.5 fixed in 1.20.11, 1.21.4	0.9% Theoretical Threat	Directly Exposed
CVE-2025-22866	MEDIUM4.5	stdlib v1.20.5 fixed in 1.22.12, 1.23.6, 1.24.0-rc.3	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22873	MEDIUM4.5	stdlib v1.20.5 fixed in 1.23.9, 1.24.3	0.2% Theoretical Threat	Directly Exposed
CVE-2025-47912	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58185	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58187	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.9, 1.25.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58188	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58189	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61723	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61724	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61725	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	MEDIUM4.5	stdlib v1.20.5 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58186	MEDIUM4.5	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-22870	LOW3.74	stdlib v1.20.5 fixed in 1.23.7, 1.24.1	0.4% Theoretical Threat	Directly Exposed
CVE-2024-45341	LOW3.57	stdlib v1.20.5 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.4% Theoretical Threat	Directly Exposed
CVE-2023-45283	LOW2.7	stdlib v1.20.5 fixed in 1.20.11, 1.21.4, 1.20.12, 1.21.5	2.8% Low-Moderate Risk	Post-Exploit
CVE-2024-34156	LOW2.7	stdlib v1.20.5 fixed in 1.22.7, 1.23.1	1.1% Low-Moderate Risk	Post-Exploit
CVE-2023-29406	LOW2.34	stdlib v1.20.5 fixed in 1.19.11, 1.20.6	1.3% Low-Moderate Risk	Post-Exploit
CVE-2026-33811	LOW2.29	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Post-Exploit
CVE-2026-33814	LOW2.29	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2026-39820	LOW2.29	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2025-58183	LOW2.29	stdlib v1.20.5 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Post-Exploit
CVE-2025-61728	LOW2.29	stdlib v1.20.5 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Post-Exploit
CVE-2025-47907	LOW2.14	stdlib v1.20.5 fixed in 1.23.12, 1.24.6	0.3% Theoretical Threat	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.20.5 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2026-39823	NONE0	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.20.5 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.20.5 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2025-0913	NONE0	stdlib v1.20.5 fixed in 1.23.10, 1.24.4	0.2% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.20.5 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable