Safety vulnerability ID: 41855
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Mitmproxy version 7.0.3 includes a fix for CVE-2021-39214: In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While a smuggled request is still captured as part of another request's body, it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless one uses mitmproxy to protect an HTTP/1 service, no action is required.
Latest version: 10.3.0
An interactive, SSL/TLS-capable intercepting proxy for HTTP/1, HTTP/2, and WebSockets.
* [CVE-2021-39214](https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38): Fix request smuggling vulnerabilities reported by chinchila
* Expose TLS 1.0 as possible minimum version on older pyOpenSSL releases
* Fix compatibility with Python 3.10
You can find the latest release packages at https://mitmproxy.org/downloads/.
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application