VulnerableCode Package Details - pkg:deb/debian/mitmproxy@6.0.2-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-45ch-mkwb-3kdd Aliases: CVE-2021-39214 GHSA-22gh-3r9q-xf38 PYSEC-2021-328	url request injection	8.1.1-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-5jd1-5kku-zucw Aliases: CVE-2022-24766 GHSA-gcx2-gvj7-pxv3 PYSEC-2022-170	mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request's body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds.	8.1.1-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-aw9d-tqxp-d3c8 Aliases: CVE-2025-23217 GHSA-wg33-5h85-7q5p	mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server (bound to `*:8080` by default) to access mitmweb's internal API (bound to `127.0.0.1:8081` by default). In other words, while the cannot access the API directly, they can access the API through the proxy. An attacker may be able to escalate this SSRF-style access to remote code execution. The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected. This vulnerability has been fixed in mitmproxy 11.1.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability.	8.1.1-4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-45ch-mkwb-3kdd
Aliases:
CVE-2021-39214
GHSA-22gh-3r9q-xf38
PYSEC-2021-328

url request injection

8.1.1-2
Affected by 1 other vulnerability.

VCID-5jd1-5kku-zucw
Aliases:
CVE-2022-24766
GHSA-gcx2-gvj7-pxv3
PYSEC-2022-170

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request's body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds.

8.1.1-2
Affected by 1 other vulnerability.

VCID-aw9d-tqxp-d3c8
Aliases:
CVE-2025-23217
GHSA-wg33-5h85-7q5p

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server (bound to `*:8080` by default) to access mitmweb's internal API (bound to `127.0.0.1:8081` by default). In other words, while the cannot access the API directly, they can access the API through the proxy. An attacker may be able to escalate this SSRF-style access to remote code execution. The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected. This vulnerability has been fixed in mitmproxy 11.1.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability.

8.1.1-4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T01:17:31.687194+00:00	Debian Importer	Affected by	VCID-45ch-mkwb-3kdd	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-13T00:25:47.970386+00:00	Debian Importer	Affected by	VCID-aw9d-tqxp-d3c8	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-13T00:15:07.659089+00:00	Debian Importer	Affected by	VCID-5jd1-5kku-zucw	https://security-tracker.debian.org/tracker/data/json	38.6.0