Cross-Site Request Forgery (CSRF)
github.com/mittwald/kube-httpcache is vulnerable to cross-site request forgery. The vulnerability exists when the HTTP/2 protocol is turned on, allowing an attacker to introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the...
CVE-2022-45060
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce...
[SECURITY] [DLA 2920-1] varnish security update
Debian LTS Advisory DLA-2920-1. https://www.debian.org/lts/security/ Markus Koschany, February 14, 2022. https://wiki.debian.org/LTS Package: varnish; Version: 5.0.0-7+deb9u3; CVE ID: CVE-2022-23959; Debian Bug: 1004433. James Kettle discovered that a request smuggling...
CVE-2009-2936
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline...