CVE-2019-20637

HIGH

Varnish Cache <6.0.5 LTS, 6.1.x, 6.2.x <6.2.2, 6.3.x <6.3.1 - Info ...

Description

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.

References (3)

Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html

Scores

CVSS v3 7.5
EPSS 0.0168
EPSS Percentile 73.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-212
Status published
Products (4)
opensuse/backports_sle 15.0 sp1
opensuse/leap 15.1
varnish-cache/varnish_cache 6.1.0 - 6.2.2
varnish-software/varnish_cache 6.0.0 - 6.0.5
Published Apr 08, 2020
Tracked Since Feb 18, 2026