Homepage

mitmproxy@11.1.0 vulnerabilities

An interactive, SSL/TLS-capable intercepting proxy for HTTP/1, HTTP/2, and WebSockets.

  • latest version

    11.1.2

  • latest non vulnerable version

    11.1.2

  • first published

    12 years ago

  • latest version published

    6 days ago

  • licenses detected

  • View mitmproxy package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the mitmproxy package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Unintended Proxy or Intermediary ('Confused Deputy')

    mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets.

    Affected versions of this package are vulnerable to Unintended Proxy or Intermediary ('Confused Deputy') through the proxy server configuration. An attacker can escalate unauthorized access and potentially execute arbitrary code by exploiting the proxy to route requests to the internal API.

    Notes:

    1. The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected;

    2. This is only exploitable if the attacker is in the same local network.

    How to fix Unintended Proxy or Intermediary ('Confused Deputy')?

    Upgrade mitmproxy to version 11.1.2 or higher.

    [,11.1.2)
    Go back to all versions of this package