VulnerableCode Package Details - pkg:pypi/mitmproxy@6.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-8xbk-3z3r-nkfh Aliases: CVE-2022-24766 GHSA-gcx2-gvj7-pxv3 PYSEC-2022-170	mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request's body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds.	8.0.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-f126-n8nd-jfgs Aliases: CVE-2021-39214 GHSA-22gh-3r9q-xf38 PYSEC-2021-328	url request injection	7.0.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qgvt-wb92-9kbw Aliases: CVE-2026-40606 GHSA-527g-3w9m-29hv PYSEC-2026-92	mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. Only mitmproxy instances using the proxyauth option with LDAP are affected. This option is not enabled by default. The vulnerability has been fixed in mitmproxy 12.2.2 and above.	12.2.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-8xbk-3z3r-nkfh
Aliases:
CVE-2022-24766
GHSA-gcx2-gvj7-pxv3
PYSEC-2022-170

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request's body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds.

8.0.0
Affected by 1 other vulnerability.

VCID-f126-n8nd-jfgs
Aliases:
CVE-2021-39214
GHSA-22gh-3r9q-xf38
PYSEC-2021-328

url request injection

7.0.3
Affected by 2 other vulnerabilities.

VCID-qgvt-wb92-9kbw
Aliases:
CVE-2026-40606
GHSA-527g-3w9m-29hv
PYSEC-2026-92

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. Only mitmproxy instances using the proxyauth option with LDAP are affected. This option is not enabled by default. The vulnerability has been fixed in mitmproxy 12.2.2 and above.

12.2.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:24:53.257548+00:00	Pypa Importer	Affected by	VCID-qgvt-wb92-9kbw	https://github.com/pypa/advisory-database/blob/main/vulns/mitmproxy/PYSEC-2026-92.yaml	38.6.0
2026-06-02T04:17:10.732307+00:00	Pypa Importer	Affected by	VCID-8xbk-3z3r-nkfh	https://github.com/pypa/advisory-database/blob/main/vulns/mitmproxy/PYSEC-2022-170.yaml	38.6.0
2026-06-02T04:14:42.625716+00:00	Pypa Importer	Affected by	VCID-f126-n8nd-jfgs	https://github.com/pypa/advisory-database/blob/main/vulns/mitmproxy/PYSEC-2021-328.yaml	38.6.0