CVE-2022-23959 has meanwhile been rated as critical: https://nvd.nist.gov/vuln/detail/CVE-2022-23959
Apparently it is rather easy to exploit: http://cwe.mitre.org/data/definitions/444.html Any ETA when a security-upgrade could become available? Fixes for the vulnerability seem to be rather trivial: https://github.com/varnishcache/varnish-cache/commit/fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4 https://github.com/varnishcache/varnish-cache/commit/1020be7e886399a4e94407ae0dfbfd1475cc5756 Cheers, Andreas
