Candidate: CVE-2022-23959
PublicDate: 2022-01-26 01:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959
 https://varnish-cache.org/security/VSV00008.html
 https://docs.varnish-software.com/security/VSV00008/
Description:
 In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS
 before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before
 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1
 connections.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N [9.1 CRITICAL]


Patches_varnish:
upstream_varnish: needs-triage
trusty/esm_varnish: needs-triage
trusty_varnish: ignored (out of standard support)
xenial_varnish: ignored (out of standard support)
bionic_varnish: needs-triage
focal_varnish: needs-triage
impish_varnish: needs-triage
jammy_varnish: needs-triage
devel_varnish: needs-triage