Varnish · Varnish Enterprise · CVE-2021-36740
**Name of the Vulnerable Software and Affected Versions**
Varnish Enterprise versions 6.0.x through 6.0.8r2
Varnish Cache versions 5.x through 6.5.1
Varnish Cache versions 6.6.x through 6.6.0
Varnish Cache 6.0 LTS versions prior to 6.0.8
**Description**
The issue allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request when HTTP/2 is enabled.
**Recommendations**
For Varnish Enterprise versions 6.0.x through 6.0.8r2, update to version 6.0.8r3 or later.
For Varnish Cache versions 5.x through 6.5.1, update to version 6.5.2 or later.
For Varnish Cache versions 6.6.x through 6.6.0, update to version 6.6.1 or later.
For Varnish Cache 6.0 LTS versions prior to 6.0.8, update to version 6.0.8 or later.
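
To triage hosts against the ranges above, the following check maps a version banner to the branch-specific fixed release. It is an added example, not code from the advisory or from Varnish Software; the banner shape (`varnish-<x.y.z>` for Varnish Cache, `varnish-plus-<x.y.z>r<n>` for Varnish Enterprise) and the sample banners are assumptions.

```python
import re

# Assumed banner shape: "varnish-<x.y.z>" for Varnish Cache and
# "varnish-plus-<x.y.z>r<n>" for Varnish Enterprise.
BANNER = re.compile(r"varnish(-plus)?-(\d+)\.(\d+)\.(\d+)(?:r(\d+))?")


def assess(banner):
    """Return (product, status, fixed_release) for CVE-2021-36740."""
    m = BANNER.search(banner)
    if m is None:
        raise ValueError(f"no Varnish version in {banner!r}")
    enterprise = m.group(1) is not None
    ver = tuple(int(g or 0) for g in m.groups()[1:])  # (major, minor, patch, r)
    product = "Varnish Enterprise" if enterprise else "Varnish Cache"

    fix = None
    if enterprise:
        # 6.0.x through 6.0.8r2 -> 6.0.8r3 or later
        if ver[:2] == (6, 0) and ver < (6, 0, 8, 3):
            fix = "6.0.8r3"
    elif ver[:2] == (6, 0):
        # 6.0 LTS is judged on its own branch: prior to 6.0.8 -> 6.0.8.
        # Checked first because 6.0.8 also sorts inside "5.x through 6.5.1".
        if ver[:3] < (6, 0, 8):
            fix = "6.0.8"
    elif ver[:2] == (6, 6):
        # 6.6.x through 6.6.0 -> 6.6.1 or later
        if ver[:3] < (6, 6, 1):
            fix = "6.6.1"
    elif (5, 0, 0) <= ver[:3] <= (6, 5, 1):
        # 5.x through 6.5.1 -> 6.5.2 or later
        fix = "6.5.2"

    status = "affected" if fix else "not listed as affected"
    return product, status, fix


# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "varnishd (varnish-plus-6.0.8r2 revision 0000000)",
    "varnishd (varnish-6.0.8 revision 0000000)",
    "varnishd (varnish-6.5.1 revision 0000000)",
    "varnishd (varnish-6.6.1 revision 0000000)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", assess(line))
```

The check looks at the version only; per the description, an affected version is exposed when HTTP/2 is enabled, which this script does not inspect.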