AVG-2154 log

Package varnish
Status Fixed
Severity Medium
Type url request injection
Affected 6.6.0-2
Fixed 6.6.1-1
Current 7.1.0-1 [extra]
Ticket None
Created Wed Jul 14 19:13:24 2021
Issue Severity Remote Type Description
CVE-2021-36740 Medium Yes Url request injection
Varnish Cache before version 6.6.1, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content- Length header for a POST request.
Date Advisory Package Type
14 Jul 2021 ASA-202107-28 varnish url request injection