VulnerableCode Package Details - pkg:pypi/mitmproxy@3.0.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-en25-4xhd-pbfh Aliases: CVE-2018-14505 GHSA-6m53-c78q-7qmg PYSEC-2018-56	mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.	4.0.4 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-guzc-geeb-8fh1 Aliases: CVE-2021-39214 GHSA-22gh-3r9q-xf38 PYSEC-2021-328	url request injection	7.0.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-phs8-y454-pyfm Aliases: CVE-2022-24766 GHSA-gcx2-gvj7-pxv3 PYSEC-2022-170	mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request's body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds.	8.0.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-v66z-2xeg-63gv Aliases: CVE-2026-40606 GHSA-527g-3w9m-29hv PYSEC-2026-92	mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. Only mitmproxy instances using the proxyauth option with LDAP are affected. This option is not enabled by default. The vulnerability has been fixed in mitmproxy 12.2.2 and above.	12.2.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-en25-4xhd-pbfh
Aliases:
CVE-2018-14505
GHSA-6m53-c78q-7qmg
PYSEC-2018-56

mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.

4.0.4
Affected by 3 other vulnerabilities.

VCID-guzc-geeb-8fh1
Aliases:
CVE-2021-39214
GHSA-22gh-3r9q-xf38
PYSEC-2021-328

url request injection

7.0.3
Affected by 2 other vulnerabilities.

VCID-phs8-y454-pyfm
Aliases:
CVE-2022-24766
GHSA-gcx2-gvj7-pxv3
PYSEC-2022-170

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request's body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds.

8.0.0
Affected by 1 other vulnerability.

VCID-v66z-2xeg-63gv
Aliases:
CVE-2026-40606
GHSA-527g-3w9m-29hv
PYSEC-2026-92

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. Only mitmproxy instances using the proxyauth option with LDAP are affected. This option is not enabled by default. The vulnerability has been fixed in mitmproxy 12.2.2 and above.

12.2.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T09:59:09.855002+00:00	GHSA Importer	Affected by	VCID-en25-4xhd-pbfh	https://github.com/advisories/GHSA-6m53-c78q-7qmg	38.6.0
2026-05-31T09:48:36.292263+00:00	GitLab Importer	Affected by	VCID-en25-4xhd-pbfh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mitmproxy/CVE-2018-14505.yml	38.6.0
2026-05-31T09:47:53.343395+00:00	PyPI Importer	Affected by	VCID-v66z-2xeg-63gv	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-31T09:44:06.584472+00:00	PyPI Importer	Affected by	VCID-phs8-y454-pyfm	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-31T09:42:46.540402+00:00	PyPI Importer	Affected by	VCID-guzc-geeb-8fh1	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-31T09:37:16.272580+00:00	PyPI Importer	Affected by	VCID-en25-4xhd-pbfh	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-30T20:38:15.753041+00:00	Pypa Importer	Affected by	VCID-v66z-2xeg-63gv	https://github.com/pypa/advisory-database/blob/main/vulns/mitmproxy/PYSEC-2026-92.yaml	38.6.0
2026-05-30T20:30:09.573356+00:00	Pypa Importer	Affected by	VCID-phs8-y454-pyfm	https://github.com/pypa/advisory-database/blob/main/vulns/mitmproxy/PYSEC-2022-170.yaml	38.6.0
2026-05-30T20:27:39.982563+00:00	Pypa Importer	Affected by	VCID-guzc-geeb-8fh1	https://github.com/pypa/advisory-database/blob/main/vulns/mitmproxy/PYSEC-2021-328.yaml	38.6.0
2026-05-30T20:17:51.678605+00:00	Pypa Importer	Affected by	VCID-en25-4xhd-pbfh	https://github.com/pypa/advisory-database/blob/main/vulns/mitmproxy/PYSEC-2018-56.yaml	38.6.0