Varnish-Cache Varnish Cache vulnerabilities
3 known vulnerabilities affecting varnish-cache/varnish_cache.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-36740MEDIUMCVSS 6.5≥ 6.0.0, < 6.0.8v6.0.82021-07-14
CVE-2021-36740 [MEDIUM] CWE-444 CVE-2021-36740: Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a larg
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
nvd
CVE-2019-20637HIGHCVSS 7.5≥ 6.1.0, < 6.2.2≥ 6.3.0, < 6.3.12020-04-08
CVE-2019-20637 [HIGH] CWE-212 CVE-2019-20637: An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x b
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with
nvd
CVE-2020-11653HIGHCVSS 7.5≥ 6.1.0, < 6.2.3≥ 6.3.0, < 6.3.22020-04-08
CVE-2020-11653 [HIGH] CWE-617 CVE-2020-11653: An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x b
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.
nvd