VulnerableCode Package Details - pkg:pypi/mitmproxy@11.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-e5xb-axub-vkfx Aliases: CVE-2025-23217 GHSA-wg33-5h85-7q5p		11.1.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-exwy-e5qk-a7az Aliases: GHSA-63cx-g855-hvv4	mitmproxy binaries embed a vulnerable python-hyper/h2 dependency mitmproxy 12.1.1 and below embed python-hyper/h2 ≤ v4.2.0, which has a gap in its HTTP/2 header validation. This enables request smuggling attacks when mitmproxy is in a configuration where it translates HTTP/2 to HTTP/1. For example, this affects reverse proxies to `http://` backends. It does not affect mitmproxy's regular mode. All users are encouraged to upgrade to mitmproxy 12.1.2, which includes a fixed version of h2. More details about the vulnerability itself can be found at https://github.com/python-hyper/h2/security/advisories/GHSA-847f-9342-265h.	12.1.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-v66z-2xeg-63gv Aliases: CVE-2026-40606 GHSA-527g-3w9m-29hv PYSEC-2026-92	mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. Only mitmproxy instances using the proxyauth option with LDAP are affected. This option is not enabled by default. The vulnerability has been fixed in mitmproxy 12.2.2 and above.	12.2.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-e5xb-axub-vkfx
Aliases:
CVE-2025-23217
GHSA-wg33-5h85-7q5p

11.1.2
Affected by 2 other vulnerabilities.

VCID-exwy-e5qk-a7az
Aliases:
GHSA-63cx-g855-hvv4

mitmproxy binaries embed a vulnerable python-hyper/h2 dependency mitmproxy 12.1.1 and below embed python-hyper/h2 ≤ v4.2.0, which has a gap in its HTTP/2 header validation. This enables request smuggling attacks when mitmproxy is in a configuration where it translates HTTP/2 to HTTP/1. For example, this affects reverse proxies to `http://` backends. It does not affect mitmproxy's regular mode. All users are encouraged to upgrade to mitmproxy 12.1.2, which includes a fixed version of h2. More details about the vulnerability itself can be found at https://github.com/python-hyper/h2/security/advisories/GHSA-847f-9342-265h.

12.1.2
Affected by 1 other vulnerability.

VCID-v66z-2xeg-63gv
Aliases:
CVE-2026-40606
GHSA-527g-3w9m-29hv
PYSEC-2026-92

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. Only mitmproxy instances using the proxyauth option with LDAP are affected. This option is not enabled by default. The vulnerability has been fixed in mitmproxy 12.2.2 and above.

12.2.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-01T08:51:07.905293+00:00	GitLab Importer	Affected by	VCID-exwy-e5qk-a7az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mitmproxy/GHSA-63cx-g855-hvv4.yml	38.6.0
2026-06-01T08:30:38.612520+00:00	GitLab Importer	Affected by	VCID-e5xb-axub-vkfx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mitmproxy/CVE-2025-23217.yml	38.6.0
2026-05-31T09:47:53.430470+00:00	PyPI Importer	Affected by	VCID-v66z-2xeg-63gv	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-30T20:38:15.950597+00:00	Pypa Importer	Affected by	VCID-v66z-2xeg-63gv	https://github.com/pypa/advisory-database/blob/main/vulns/mitmproxy/PYSEC-2026-92.yaml	38.6.0