Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtNTMtYzc4cS03cW1n
Mitmweb in mitmproxy allows DNS Rebinding attacks
mitmweb in mitmproxy before v4.0.4 allows DNS Rebinding attacks, related to tools/web/app.py.
Permalink: https://github.com/advisories/GHSA-6m53-c78q-7qmgJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtNTMtYzc4cS03cW1n
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 6 years ago
Updated: about 2 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Identifiers: GHSA-6m53-c78q-7qmg, CVE-2018-14505
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-14505
- https://github.com/mitmproxy/mitmproxy/issues/3234
- https://github.com/mitmproxy/mitmproxy/pull/3243
- https://github.com/advisories/GHSA-6m53-c78q-7qmg
- https://github.com/mitmproxy/mitmproxy/commit/7f464b89296881f4d9ec032378c4418e832d17e3
- https://github.com/pypa/advisory-database/tree/main/vulns/mitmproxy/PYSEC-2018-56.yaml
Blast Radius: 24.7
Affected Packages
pypi:mitmproxy
Dependent packages: 30Dependent repositories: 639
Downloads: 316,413 last month
Affected Version Ranges: < 4.0.4
Fixed in: 4.0.4
All affected versions: 0.8.1, 0.9.1, 0.9.2, 0.10.1, 0.11.1, 0.11.2, 0.11.3, 0.12.0, 0.12.1, 0.14.0, 0.18.1, 0.18.2, 0.18.3, 1.0.0, 1.0.1, 1.0.2, 2.0.0, 2.0.1, 2.0.2, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 4.0.0, 4.0.1, 4.0.3
All unaffected versions: 4.0.4, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.3.0, 6.0.0, 6.0.1, 6.0.2, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 8.0.0, 8.1.0, 8.1.1, 9.0.0, 9.0.1, 10.0.0, 10.1.0, 10.1.1, 10.1.2, 10.1.3, 10.1.4, 10.1.5, 10.1.6, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.3.0, 10.3.1, 10.4.0, 10.4.1, 10.4.2, 11.0.0