A remote attacker able to send specially crafted HTTP/1 chunked requests can exploit Varnish to smuggle additional requests, potentially leading to information disclosure and allowing incorrect or malicious content to be cached and served to other users.