← back
CVE-2022-23959

CVE-2022-23959

EPSS 2.0%
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.varnish-software.com/security/VSV00008/https://lists.debian.org/debian-lts-announce/2022/02/msg00014.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/https://varnish-cache.org/security/VSV00008.htmlhttps://www.debian.org/security/2022/dsa-5088