squid3 is vulnerable to arbitrary code execution. The vulnerability exists as squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer, that allows encoded URLs to bypass the url_regex
check.