CVE-2022-45059

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-45059

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45059.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-45059

Aliases

BIT-varnish-2022-45059

Downstream

ALPINE-CVE-2022-45059

DEBIAN-CVE-2022-45059

OESA-2023-1915

OESA-2023-1916

OESA-2023-1917

openSUSE-SU-2022:10198-1

openSUSE-SU-2024:12496-1

Related

Published

2022-11-09T06:15:09Z

Modified

2025-10-16T05:36:43.728111Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.

References

Affected packages

Git / github.com/varnishcache/varnish-cache

Affected ranges

Type: GIT
Repo: https://github.com/varnishcache/varnish-cache
Events: Introduced

454733b82a3279a1603516b4f0a07f8bad4bcd55

Fixed

b399e1fcc7467b8c255630fa3b3fd6311e59e4df

Affected versions

varnish-7.*

varnish-7.0.0

varnish-7.0.1

varnish-7.1.0

varnish-7.1.1