vulnerability

Alpine Linux: CVE-2022-45060: Vulnerability in Multiple Components

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
Nov 9, 2022
Added
Aug 22, 2024
Modified
Oct 2, 2024

Description

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected.

Solution

alpine-linux-upgrade-varnish
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.