Varnish-cache - Varnish Cache CVE

Filtered by vendor Varnish-cache Subscribe

Filtered by product Varnish Cache

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-36740	3 Debian, Fedoraproject, Varnish-cache	3 Debian Linux, Fedora, Varnish Cache	2022-05-15	6.4 MEDIUM	6.5 MEDIUM
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

Vulnerabilities (CVE)