Varnish-Software Varnish Cache Plus vulnerabilities
2 known vulnerabilities affecting varnish-software/varnish_cache_plus.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2022-45060HIGHCVSS 7.5v6.0.0v6.0.1+9 more2022-11-09
CVE-2022-45060 [HIGH] CWE-20 CVE-2022-45060: An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn,
nvd
CVE-2022-23959CRITICALCVSS 9.1≥ 6.0.0, < 6.0.9r42022-01-26
CVE-2022-23959 [CRITICAL] CWE-444 CVE-2022-23959: In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Var
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
nvd