CVE-2022-23959
- Source
- https://cve.org/CVERecord?id=CVE-2022-23959
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23959.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-23959
- Aliases
- Downstream
- Related
- Published
- 2022-01-26T01:15:07.900Z
- Modified
- 2026-02-23T01:51:21.438731Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.
- References
-
- https://docs.varnish-software.com/security/VSV00008/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/
- https://varnish-cache.org/security/VSV00008.html
- https://docs.varnish-software.com/security/VSV00008/
- https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html
- https://varnish-cache.org/security/VSV00008.html
- https://www.debian.org/security/2022/dsa-5088
- https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html
Affected packages
Git / github.com/varnishcache/varnish-cache
Affected ranges
- Type
- GIT
- Repo
- https://github.com/varnishcache/varnish-cache
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixed