CVE-2024-30156 Information

Description

Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS) and Varnish Enterprise 6 before 6.0.12r6 allows credits exhaustion for an HTTP/2 connection control flow window aka a Broke Window Attack.

Reference

https://varnish-cache.org/security/VSV00014.html https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security