CVE-2020-8449
7.5
HIGH
CVSS 3.1
EPSS 4.0%
Description
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
How to fix CVE-2020-8449
To remediate CVE-2020-8449, upgrade the affected package to one of the fixed versions listed below.
- Alpine/squid—upgrade to 4.10-r0 or later
- Debian/squid—upgrade to 4.10-1 or later
Is CVE-2020-8449 being exploited?
Low — EPSS is 4.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Alpine/squid: from 0, < 4.10-r0
- Debian/squid: from 0, < 4.10-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |