Affected by GO-2022-0585 and 2 other vulnerabilities

GO-2022-0585: Server-Side Request Forgery in Apache Traffic Control in github.com/apache/trafficcontrol

GO-2022-0602: Email relay in Apache Traffic Control in github.com/apache/trafficcontrol

GO-2024-2776: Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection in github.com/apache/trafficcontrol

The highest tagged major version is v8.

traffic_ops/

Details

Path	Synopsis
app
bin/checks/DnssecRefresh
bin/checks/DnssecRefresh/config
db
install
bin/convert_profile
testing
api/config
api/utils
api/v1/config
api/v1/config/cachecfg
api/v1/config/ip_allow
compare
traffic_ops_golang
about
acme
api
apicapability
apitenant
asn
auth
cachegroup
cachegroupparameter
cachesstats
capabilities
cdn
cdnfederation
config
coordinate
crconfig
crstats
dbdump
dbhelpers
deliveryservice
deliveryservice/consistenthash
deliveryservice/request
deliveryservice/request/comment
deliveryservice/servers
deliveryservicerequests
deliveryservicesregexes
division
federation_resolvers
federations
hwinfo
invalidationjobs
iso
login
logs
monitoring
origin
parameter
physlocation
ping
plugin
plugins
profile
profileparameter
region
riaksvc
role
routing
routing/middleware
server
servercapability
servercheck
servercheck/extensions
servicecategory
staticdnsentry
status
steering
steeringtargets
swaggerdocs/v13
swaggerdocs/v13/swaggerspec-server
systeminfo
tenant
test
tocookie
topology
topology/topology_validation
trafficstats
types
urisigning
user
util/ims
util/monitorhlp
vault
v1-client
v2-client
v3-client