3 matches found
CVE-2020-11653
CVE-2020-11653 affects Varnish Cache prior to 6.0.6 LTS, 6.1.x prior to 6.2.3, and 6.3.x prior to 6.3.2. When a TLS termination proxy uses PROXY v2, an assertion failure can occur, causing the varnishd daemon to restart and leading to performance loss. Connected advisories (Debian/Ubuntu/Rocky) r...
CVE-2019-20637
Varnish Cache (versions before 6.0.5 LTS, 6.1.x before 6.2.2, and 6.3.x before 6.3.1) is affected by CVE-2019-20637. The vulnerability arises because a pointer is not cleared between handling successive client requests on the same TCP connection, which can allow disclosure of data from the connec...
CVE-2021-36740
Varnish Cache, with HTTP/2 enabled, is vulnerable to request smuggling and VCL authorization bypass via a large Content-Length header in POST requests. Affected: Varnish Enterprise 6.0.x before 6.0.8r3; Varnish Cache 5.x and 6.x before 6.5.2; 6.6.x before 6.6.1; and 6.0 LTS before 6.0.8. Mitigati...