* SQUID-2020-8 Description: "Due to incorrect data validation Squid is vulnerable to HTTP Request Splitting attacks against HTTP and HTTPS traffic. This leads to cache poisoning." * SQUID-2020-9 Description: "Due to Improper Input Validation Squid is vulnerable to a Denial of Service attack against the machine operating Squid." * SQUID-2020-10 Description: "Due to incorrect data validation Squid is vulnerable to HTTP Request Smuggling attacks against HTTP and HTTPS traffic. This leads to cache poisoning."
(In reply to Sam James from comment #0) > * SQUID-2020-8 > > Description: > "Due to incorrect data validation Squid is vulnerable to HTTP > Request Splitting attacks against HTTP and HTTPS traffic. This > leads to cache poisoning." > https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv > * SQUID-2020-9 > > Description: > "Due to Improper Input Validation Squid is vulnerable to a Denial > of Service attack against the machine operating Squid." > https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg > * SQUID-2020-10 > > Description: > "Due to incorrect data validation Squid is vulnerable to HTTP > Request Smuggling attacks against HTTP and HTTPS traffic. This > leads to cache poisoning." https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m ---- Please bump to 4.13.
A copy of 4.12 seems to be working fine here.
(In reply to Sam James from comment #1) > (In reply to Sam James from comment #0) > > * SQUID-2020-8 > > > > Description: > > "Due to incorrect data validation Squid is vulnerable to HTTP > > Request Splitting attacks against HTTP and HTTPS traffic. This > > leads to cache poisoning." > > > CVE-2020-15811 > https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv > > > * SQUID-2020-9 > > > > Description: > > "Due to Improper Input Validation Squid is vulnerable to a Denial > > of Service attack against the machine operating Squid." > > > CVE-2020-24606 > https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg > > > * SQUID-2020-10 > > > > Description: > > "Due to incorrect data validation Squid is vulnerable to HTTP > > Request Smuggling attacks against HTTP and HTTPS traffic. This > > leads to cache poisoning." > > https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m > CVE-2020-15810
GLSA vote: no