Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtNTMtYzc4cS03cW1n

Mitmweb in mitmproxy allows DNS Rebinding attacks

mitmweb in mitmproxy before v4.0.4 allows DNS Rebinding attacks, related to tools/web/app.py.

Permalink: https://github.com/advisories/GHSA-6m53-c78q-7qmg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtNTMtYzc4cS03cW1n
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 6 years ago
Updated: about 2 months ago


CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-6m53-c78q-7qmg, CVE-2018-14505
References: Repository: https://github.com/mitmproxy/mitmproxy
Blast Radius: 24.7

Affected Packages

pypi:mitmproxy
Dependent packages: 30
Dependent repositories: 639
Downloads: 316,413 last month
Affected Version Ranges: < 4.0.4
Fixed in: 4.0.4
All affected versions: 0.8.1, 0.9.1, 0.9.2, 0.10.1, 0.11.1, 0.11.2, 0.11.3, 0.12.0, 0.12.1, 0.14.0, 0.18.1, 0.18.2, 0.18.3, 1.0.0, 1.0.1, 1.0.2, 2.0.0, 2.0.1, 2.0.2, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 4.0.0, 4.0.1, 4.0.3
All unaffected versions: 4.0.4, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.3.0, 6.0.0, 6.0.1, 6.0.2, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 8.0.0, 8.1.0, 8.1.1, 9.0.0, 9.0.1, 10.0.0, 10.1.0, 10.1.1, 10.1.2, 10.1.3, 10.1.4, 10.1.5, 10.1.6, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.3.0, 10.3.1, 10.4.0, 10.4.1, 10.4.2, 11.0.0