VDB
DEBIAN-CVE-2021-36740
DEBIAN-CVE-2021-36740
PUBLISHED
CVSS 6.5 MEDIUM
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | varnish | 0, 0, 0 |
| Debian:13 | varnish | 0, 0, 0 |
| Debian:11 | varnish | 6.5.1-1, 6.5.1-1+deb11u1, 0 |
| Debian:14 | varnish | 0, 0, 0 |
Timeline
- Jul 14, 2021 CVE Published
- Apr 28, 2026 CVE Updated