Your submission was sent successfully! Close

CVE-2022-23959

Published: 26 January 2022

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.

Priority

Medium

CVSS 3 base score: 9.1

Status

Package Release Status
varnish
Launchpad, Ubuntu, Debian
bionic
Released (5.2.1-1ubuntu0.1)
focal
Released (6.2.1-2ubuntu0.1)
impish
Released (6.5.2-1ubuntu0.2)
jammy
Released (6.6.1-1ubuntu0.2)
trusty Needs triage

upstream Needs triage

xenial Ignored
(out of standard support)