In Squid before 4.9, when certain web browsers are used, mishandles HTML in the host parameter to cachemgr.cgi which could result in squid behaving in unsecure way
The cachemgr.cgi script is not used by default. If you've set this up manually and are worried about this issue, remove it from your server.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:4743 https://access.redhat.com/errata/RHSA-2020:4743