A flaw was found in squid. Due to improper validation while parsing the request URI, squid is vulnerable to HTTP request smuggling. This issue could allow a trusted client to perform an HTTP request smuggling attack and access services otherwise forbidden by squid. The highest threat from this vulnerability is to data confidentiality.
This flaw can be mitigated by setting the uri_whitespace
directive in squid.conf to either:
uri_whitespace deny
or
uri_whitespace encode