Advisories for Pypi/Mitmproxy package

2022

Insufficient Protection against HTTP Request Smuggling in mitmproxy

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of …

2021

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While a smuggled request is still captured as part of another request's body, it does not appear in the request list and does not go through …

2018

Improper Input Validation

mitmproxy is vulnerable to DNS Rebinding attacks.