An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html
http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
https://security.gentoo.org/glsa/202003-34
https://security.netapp.com/advisory/ntap-20210304-0002/
Source: MITRE
Published: 2020-02-04
Updated: 2021-03-04
Type: CWE-668
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH