Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: prometheus-squid-exporter

Found 3 matching suggestions

View:
Compact
Detailed
Permalink CVE-2023-46848
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Squid: denial of service in ftp

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.

References

Affected products

squid
  • *
  • <6.4
  • ==6.4
squid:4/squid

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable -

Package maintainers

Permalink CVE-2023-46846
9.3 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months ago
Squid: request/response smuggling in http/1.1 and icap

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

References

Affected products

squid
  • *
  • <6.4
  • ==6.4
squid34
squid:4
  • *

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable -

Package maintainers

Permalink CVE-2023-5824
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Squid: dos against http and https

Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.

References

Affected products

squid
  • *
  • ==6.4
squid:4
  • *

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable -

Package maintainers