Note:
This project will be discontinued after December 13, 2021. [more]
2020-03-20
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
| Products | Ubuntu_linux, Debian_linux, Leap, Squid |
| Type | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74) |
| First patch | - None (likely due to unavailable code) |
| Patches |
• https://github.com/squid-cache/squid/pull/505
• https://github.com/squid-cache/squid/pull/504 |
| Links |
• http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html
• https://usn.ubuntu.com/4356-1/ • https://www.debian.org/security/2020/dsa-4732 • https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html |