We recently published Varnish modules for 6.3.1 and 6.2.2, which include a fix for Varnish VSV00004.

VSV00004 affects Varnish versions 5.0 and forward.

We recommend you upgrade your Varnish modules to versions 6.3.1 or 6.2.2 as soon as possible.

If you are unable to upgrade, Varnish provide a VCL mitigation for this vulnerability.

Impact of VSV00004

Successful exploitation of VSV00004 can, under specific circumstances, lead to information leaks about other connections handled by Varnish.

Information leaked can include Varnish data structures, stale header data from previous requests, and temporary headers set during processing of VCL.