Vulnerability	Vulnerable Version
M Unintended Proxy or Intermediary ('Confused Deputy') marimo is an A library for making reactive notebooks and apps Affected versions of this package are vulnerable to Unintended Proxy or Intermediary ('Confused Deputy') via the `/mpl/{port}/` endpoint, which acts as an unauthenticated proxy. An attacker can access internal services and arbitrary ports by sending crafted requests to this endpoint, potentially bypassing firewalls and reaching services intended to be local-only. This can result in exposure of sensitive data, unauthorized access to internal resources, or further compromise of the host system. How to fix Unintended Proxy or Intermediary ('Confused Deputy')? Upgrade `marimo` to version 0.16.4 or higher.	[0.9.20,0.16.4)

Unintended Proxy or Intermediary ('Confused Deputy')

marimo is an A library for making reactive notebooks and apps

Affected versions of this package are vulnerable to Unintended Proxy or Intermediary ('Confused Deputy') via the /mpl/{port}/ endpoint, which acts as an unauthenticated proxy. An attacker can access internal services and arbitrary ports by sending crafted requests to this endpoint, potentially bypassing firewalls and reaching services intended to be local-only. This can result in exposure of sensitive data, unauthorized access to internal resources, or further compromise of the host system.

How to fix Unintended Proxy or Intermediary ('Confused Deputy')?

Upgrade marimo to version 0.16.4 or higher.

[0.9.20,0.16.4)

Go back to all versions of this package