Name of the Vulnerable Software and Affected Versions Varnish Cache versions prior to 6.0.11

Description A request forgery attack can be performed on Varnish Cache servers with the HTTP/2 protocol enabled. An attacker may introduce invalid characters through HTTP/2 pseudo-headers, causing the Varnish server to produce invalid HTTP/1 requests to the backend, potentially exploiting vulnerabilities in a server behind the Varnish server.

Recommendations For versions prior to 6.0.11, update to Varnish 6.0.11 or later to resolve the issue. Alternatively, consider applying the mitigation hints provided by the upstream vendor as a temporary workaround.