Varnish-Cache: >> Varnish Cache >> 6.0.8 Security Vulnerabilities
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-07-14