Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.

HAQM is aware of CVE-2024-45802 affecting the ESI feature of the squid package in HAQM Linux 2. This feature is not enabled by default and is rarely used. There is no fix planned for this CVE in HAQM Linux 2, and customers are advised to keep the default configuration of ESI being disabled. The ESI feature of squid is completely removed in AL2023, as the upstream squid project has done to mitigate this CVE. Customers needing time to migrate away from using ESI should be aware that the feature should only be enabled where the server that squid is configured to be a reverse-proxy for is trusted.