suse · CVE-2021-36740

Quick triage

Priority: high Published: 2021-07-20 00:42:46 UTC Updated: 2025-02-17 00:33:05 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2021-36740 severity important: SUSE including 3 source package names (libvarnishapi3-7.1.0-bp153.2.3.1, varnish-7.1.0-bp153.2.3.1, varnish-devel-7.1.0-bp153.2.3.1), 6 product×package rows across 2 product lines (SUSE Package Hub 15 SP3, openSUSE Leap 15.3): Fixed 6.

Description:

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

cvelogic Threat Intelligence