{"id":"CVE-2022-23959","details":"In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.","aliases":["BIT-varnish-2022-23959"],"modified":"2026-05-18T05:53:41.004146051Z","published":"2022-01-26T00:38:55Z","related":["ALSA-2022:0418","openSUSE-SU-2022:0148-1","openSUSE-SU-2024:12086-1","openSUSE-SU-2026:10751-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"fixed":"6.6.2"},{"introduced":"7.x"},{"fixed":"7.0.2"},{"fixed":"6.0.10"},{"introduced":"4.1.x"},{"fixed":"4.1.11r6"},{"introduced":"6.0.x"},{"fixed":"6.0.9r4"}],"source":"DESCRIPTION"}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23959.json","cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://docs.varnish-software.com/security/VSV00008/"},{"type":"WEB","url":"https://varnish-cache.org/security/VSV00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23959.json"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMMDMQWNAE3BTSZUHXQHVAMZC5TLHLYT/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23959"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5088"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/02/msg00014.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/varnishcache/varnish-cache","events":[{"introduced":"454733b82a3279a1603516b4f0a07f8bad4bcd55"},{"fixed":"9b5f68e19ca0ab60010641e305fd12822f18d42c"}],"database_specific":{"extracted_events":[{"introduced":"7.0.0"},{"fixed":"7.0.2"}],"cpe":"cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["varnish-7.0.1","varnish-7.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23959.json"}}],"schema_version":"1.7.5"}