Safety vulnerability ID: 76341
The information on this page was manually curated by our Cybersecurity Intelligence Team.
In mitmweb 11.1.0 and below, a malicious client can use mitmweb's proxy server (bound to *:8080 by default) to access mitmweb's internal API (bound to 127.0.0.1:8081 by default). In other words, while the client cannot access the API directly (good), they can access the API through the proxy (bad). An attacker may be able to escalate this SSRF-style access to remote code execution. The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected. The block_global option, which is enabled by default, blocks connections originating from publicly routable IP addresses in the proxy. The attacker needs to be on the same local network.
Latest version: 11.1.3
An interactive, SSL/TLS-capable intercepting proxy for HTTP/1, HTTP/2, and WebSockets.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application