Homepage

mitmproxy@10.1.3 vulnerabilities

An interactive, SSL/TLS-capable intercepting proxy for HTTP/1, HTTP/2, and WebSockets.

  • latest version

    12.2.1

  • latest non vulnerable version

    12.2.1

  • first published

    13 years ago

  • latest version published

    19 days ago

  • licenses detected

  • View mitmproxy package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the mitmproxy package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Unintended Proxy or Intermediary ('Confused Deputy')

    mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets.

    Affected versions of this package are vulnerable to Unintended Proxy or Intermediary ('Confused Deputy') through the proxy server configuration. An attacker can escalate unauthorized access and potentially execute arbitrary code by exploiting the proxy to route requests to the internal API.

    Notes:

    1. The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected;

    2. This is only exploitable if the attacker is in the same local network.

    How to fix Unintended Proxy or Intermediary ('Confused Deputy')?

    Upgrade mitmproxy to version 11.1.2 or higher.

    [,11.1.2)
    Go back to all versions of this package