2 matches found
CVE-2022-23959
CVE-2022-23959 affects Varnish Cache and related variants, where HTTP/1 connections are vulnerable to a request smuggling flaw in versions before 6.6.2 (and 7.x before 7.0.2), 6.0 LTS before 6.0.10, and Varnish Enterprise/Cache Plus before 4.1.11r6 and 6.0.9r4. The root cause is improper handling...
CVE-2022-45060
CVE-2022-45060 – Varnish Cache HTTP/2 header forgery affects Varnish Cache 5.x and 6.x up to before 6.0.11, 7.x up to before 7.1.2, and 7.2.x up to before 7.2.1. An attacker can inject characters in HTTP/2 pseudo-headers that are invalid for HTTP/1 request lines, causing the Varnish server to gen...