VYPR

rpm package

suse/varnish&distro=SUSE Package Hub 15 SP3

pkg:rpm/suse/varnish&distro=SUSE%20Package%20Hub%2015%20SP3

Vulnerabilities (2)

  • CVE-2022-23959Jan 26, 2022
    affected < 7.1.0-bp153.2.3.1fixed 7.1.0-bp153.2.3.1

    In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.

  • CVE-2021-36740Jul 14, 2021
    affected < 7.1.0-bp153.2.3.1fixed 7.1.0-bp153.2.3.1

    Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before