8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
squid is vulnerable to HTTP request smuggling. A trusted client is able to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls.
www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch
www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch
github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
lists.fedoraproject.org/archives/list/[email protected]/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/
lists.fedoraproject.org/archives/list/[email protected]/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/
lists.fedoraproject.org/archives/list/[email protected]/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/
security-tracker.debian.org/tracker/CVE-2020-25097
security.gentoo.org/glsa/202105-14
security.netapp.com/advisory/ntap-20210727-0010/
www.debian.org/security/2021/dsa-4873
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N