VDB

GCVE-110-MAGEIA-2021-387

GCVE-110-MAGEIA-2021-387
Advisory Published
Vulnetix · Advisory published July 28, 2021
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8 (CVE-2021-36740).

Affected Products

VendorProductVersionsPlatforms
Mageiavarnish6.5.1-1.1.mga8 (unaffected), 0 (affected)

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›