rpm package
opensuse/varnish&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/varnish&distro=openSUSE%20Leap%2015.3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-23959 | — | | | < 7.1.0-bp153.2.3.1 | 7.1.0-bp153.2.3.1 | Jan 26, 2022 | In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. |
| CVE-2021-36740 | — | | | < 7.1.0-bp153.2.3.1 | 7.1.0-bp153.2.3.1 | Jul 14, 2021 | Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before |