CVE-2025-30346
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-30346
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30346.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-30346
- Aliases
- Related
- Published
- 2025-03-21T07:15:37Z
- Modified
- 2025-03-26T05:55:56.210182Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.
- References
Affected packages
Debian:11 / varnish
Package
- Name
- varnish
- Purl
- pkg:deb/debian/varnish?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:12 / varnish
Package
- Name
- varnish
- Purl
- pkg:deb/debian/varnish?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / varnish
Package
- Name
- varnish
- Purl
- pkg:deb/debian/varnish?arch=source
Git / github.com/varnishcache/varnish-cache
Affected ranges
- Type
- GIT
- Repo
- https://github.com/varnishcache/varnish-cache
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
varnish-3.*
varnish-3.0.0-beta1
varnish-3.0.0-beta2
varnish-4.*
varnish-4.0.0
varnish-4.0.0-beta1
varnish-4.0.0-tp1
varnish-4.0.0-tp2
varnish-4.0.1
varnish-5.*
varnish-5.0.0
varnish-5.1.0
varnish-5.1.1
varnish-5.1.2
varnish-6.*
varnish-6.0.0
varnish-6.1.0
varnish-6.4.0
varnish-6.5.0
varnish-6.5.1
varnish-6.6.0
varnish-7.*
varnish-7.0.0
varnish-7.0.1
varnish-7.1.0
varnish-7.2.0
varnish-7.3.0
varnish-7.4.0
varnish-7.5.0
varnish-7.6.0
varnish-7.6.1