PT-2021-17876 · Varnish · Varnish Cache, Varnish-Modules

Nils Goroll · Published 2021-03-16 · Updated 2021-03-26 · CVE-2021-28543

CVSS v3.1: 7.5 (High) · Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Varnish varnish-modules (the vmod collection used with Varnish Cache), versions prior to 0.17.1.
Description: The issue allows remote attackers to cause a denial of service (daemon restart) in some configurations, namely Varnish Cache deployments whose VCL uses the varnish-modules functions header.append() or header.copy(). Depending on the VCL, a request can drive these functions into an assertion failure or NULL pointer dereference, which crashes the varnishd worker process; the management process then restarts it. Each restart reduces availability and performance: the cache contents are lost, the number of cache misses rises until the cache is warm again, and the backend servers see correspondingly higher load in the meantime.
Recommendations: Update varnish-modules to version 0.17.1 or later, which contains the fix. As a temporary workaround until the update is in place, remove header.append() and header.copy() calls from the VCL, or limit them to code paths that untrusted requests cannot reach, and check every deployed VCL for remaining uses of these functions.
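Added here as a triage helper, not part of this advisory or of the varnish-modules project: a POSIX sh script that lists header.append()/header.copy() call sites in VCL files (the exposure check behind the workaround above) and compares a varnish-modules version string against the fixed release 0.17.1. The sample VCL it writes is constructed for the demo, and the function names and the version-string normalisation are assumptions of this example.

```shell
#!/bin/sh
# Triage helper for CVE-2021-28543 (varnish-modules before 0.17.1).
# Added example: not from the advisory or varnish-modules. Function
# names, the sample VCL and the version normalisation are assumptions.

FIXED_VERSION="0.17.1"   # first varnish-modules release containing the fix

# Strip a leading "v" and any packaging suffix ("0.16.1-2ubuntu1" -> "0.16.1")
# so that only the dotted numeric part is compared.
normalize_version() {
    printf '%s' "$1" | sed 's/^[vV]//; s/[^0-9.].*$//'
}

# Exit 0 when dotted version $1 sorts before $2, comparing component by
# component, so 0.17.10 is treated as later than 0.17.1 and 0.9.0 as earlier.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; [ "$ah" = "$a" ] && a="" || a=${a#*.}
        bh=${b%%.*}; [ "$bh" = "$b" ] && b="" || b=${b#*.}
        ah=${ah:-0}; bh=${bh:-0}
        [ "$ah" -lt "$bh" ] && return 0
        [ "$ah" -gt "$bh" ] && return 1
    done
    return 1
}

# Exit 0 (affected) when the given varnish-modules version predates 0.17.1.
is_affected() {
    version_lt "$(normalize_version "$1")" "$FIXED_VERSION"
}

# Constructed sample VCL (not taken from any real deployment) with one call
# to each of the two functions named in the advisory.
write_sample_vcl() {
    cat > "$1" <<'EOF'
vcl 4.1;
import header;

backend default { .host = "127.0.0.1"; .port = "8080"; }

sub vcl_recv {
    header.append(req.http.X-Forwarded-For, client.ip);
}

sub vcl_deliver {
    header.copy(resp.http.X-Cache, resp.http.X-Cache-Debug);
    set resp.http.X-Served-By = server.hostname;
}
EOF
}

# Print "line:source" (with the file name when several files are given) for
# every header.append()/header.copy() call site. Exit 0 if any were found.
find_header_calls() {
    grep -nE 'header\.(append|copy)[[:space:]]*\(' "$@"
}

# Number of call sites across the given VCL files, as a bare integer.
count_header_calls() {
    find_header_calls "$@" | wc -l | tr -d ' '
}

# Demo: scan the constructed VCL and classify the version given as $1
# (defaults to 0.17.0, an affected release).
demo() {
    ver="${1:-0.17.0}"
    tmp=$(mktemp)
    write_sample_vcl "$tmp"
    echo "header.append()/header.copy() call sites in $tmp:"
    find_header_calls "$tmp" || echo "  (none)"
    if is_affected "$ver"; then
        echo "varnish-modules $ver predates $FIXED_VERSION: affected by CVE-2021-28543, update"
    else
        echo "varnish-modules $ver is $FIXED_VERSION or later: not affected"
    fi
    rm -f "$tmp"
}

demo "$@"
```

Pass the installed version as the first argument, taken from your package manager where varnish-modules is packaged under that name (for example the Version field of `dpkg -s varnish-modules` or the output of `rpm -q varnish-modules`), and point `find_header_calls` at the VCL files actually loaded by varnishd rather than only the sample. The grep does not skip commented-out calls, so inspect any hit before acting on it.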

Fix

DoS

Assertion Failure

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

CVE-2021-28543

Affected Products

Varnish Cache
Varnish-Modules