CVE-2021-36740 — varnish - security update

Description

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.

How to fix CVE-2021-36740

To remediate CVE-2021-36740, upgrade the affected package to a fixed version below.

—upgrade to 6.5.2-r0 or later
—upgrade to 5.2.2 or later
—upgrade to 6.5.1-1+deb11u2 or later
—upgrade to 6.1.1-1+deb10u3 or later

Is CVE-2021-36740 being exploited?

Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.

Affected packages (4)

from 0, < 6.5.2-r0
>= 5.0.0, < 5.2.2, >= 6.1.0, < 6.6.1
from 0, < 6.5.1-1+deb11u2
from 0, < 6.1.1-1+deb10u3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References (10)

ADVISORYsecurity.alpinelinux.org/vuln/CVE-2021-36740
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2021-36740
WEBdocs.varnish-software.com/security/VSV00007/
WEBgithub.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be