Varnish-Software: >> Varnish Enterprise >> 6.0.13 Security Vulnerabilities
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-03-21
Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects.
CVSS Score
4.0
EPSS Score
0.001
Published
2025-03-21