Security Advisory

CVE-2022-45060

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-11-09 00:00:00

Last updated 2025-05-01 14:28:59

Assigner mitre

State PUBLISHED

Description

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.

← Browse all CVEs View on cve.org ↗