squid is vulnerable to HTTP request smuggling. A trusted client is able to perform HTTP Request Smuggling and access services otherwise forbidden by Squid security controls.
Vendor | Product | Version | CPE |
---|---|---|---|
- | squid3\ | stretch | cpe:2.3:a:-:squid3\:stretch:3.5.23-5+deb9u1:*:*:*:*:*:*:* |
- | squid\ | sid | cpe:2.3:a:-:squid\:sid:4.13-6:*:*:*:*:*:*:* |
- | squid\ | sid | cpe:2.3:a:-:squid\:sid:4.13-1:*:*:*:*:*:*:* |
- | squid\ | buster | cpe:2.3:a:-:squid\:buster:4.6-1+deb10u4:*:*:*:*:*:*:* |
- | squid\ | 3.11 | cpe:2.3:a:-:squid\:3.11:4.13-r0:*:*:*:*:*:*:* |
- | squid\ | 3.11 | cpe:2.3:a:-:squid\:3.11:4.9-r0:*:*:*:*:*:*:* |
- | squid\ | 3.11 | cpe:2.3:a:-:squid\:3.11:4.10-r0:*:*:*:*:*:*:* |
- | squid\ | 3.12 | cpe:2.3:a:-:squid\:3.12:4.13-r0:*:*:*:*:*:*:* |
- | squid\ | 3.12 | cpe:2.3:a:-:squid\:3.12:4.11-r0:*:*:*:*:*:*:* |
- | squid\ | 3.10 | cpe:2.3:a:-:squid\:3.10:4.8-r1:*:*:*:*:*:*:* |
www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch
www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch
github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
lists.fedoraproject.org/archives/list/[email protected]/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/
lists.fedoraproject.org/archives/list/[email protected]/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/
lists.fedoraproject.org/archives/list/[email protected]/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/
security-tracker.debian.org/tracker/CVE-2020-25097
security.gentoo.org/glsa/202105-14
security.netapp.com/advisory/ntap-20210727-0010/
www.debian.org/security/2021/dsa-4873