VYPR

rpm package

opensuse/varnish&distro=openSUSE Leap 15.3

pkg:rpm/opensuse/varnish&distro=openSUSE%20Leap%2015.3

Vulnerabilities (2)

  • CVE-2022-23959Jan 26, 2022
    affected < 7.1.0-bp153.2.3.1fixed 7.1.0-bp153.2.3.1

    In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.

  • CVE-2021-36740Jul 14, 2021
    affected < 7.1.0-bp153.2.3.1fixed 7.1.0-bp153.2.3.1

    Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before