31 matches found
EUVD-2025-3147
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-23217
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmprox...
CVE-2025-23217
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
SUSE CVE-2025-23217
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
DEBIAN-CVE-2025-23217
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
CVE-2025-23217
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
UBUNTU-CVE-2025-23217
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
CVE-2025-23217 Mitmweb API Authentication Bypass Using Proxy Server
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
CVE-2025-23217 Mitmweb API Authentication Bypass Using Proxy Server
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
CVE-2025-23217
CVE-2025-23217 affects mitmweb (the web UI of mitmproxy). In versions 11.1.1 and earlier, a malicious client connected to mitmweb’s proxy server (default bind 0.0.0.0:8080) could reach mitmweb’s internal API (127.0.0.1:8081) through the proxy, enabling SSRF-style access that may lead to remote co...
CVE-2025-23217 Mitmweb API Authentication Bypass Using Proxy Server
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
CVE-2025-23217
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
CVE-2025-23217
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' through the proxy server configuration. An attacker can...
GHSA-WG33-5H85-7Q5P Mitmweb API Authentication Bypass Using Proxy Server
Impact In mitmweb 11.1.0 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal API bound to 127.0.0.1:8081 by default. In other words, while the client cannot access the API directly good, they can access the API through the proxy bad...
Mitmweb API Authentication Bypass Using Proxy Server
Impact In mitmweb 11.1.0 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal API bound to 127.0.0.1:8081 by default. In other words, while the client cannot access the API directly good, they can access the API through the proxy bad...
PT-2025-5851 · Mitmproxy +3 · Mitmproxy +3
Name of the Vulnerable Software and Affected Versions: mitmweb versions 11.1.1 and below mitmproxy versions 11.1.1 and below Description: A malicious client can use mitmweb's proxy server to access mitmweb's internal API, potentially leading to remote code execution. The mitmproxy and mitmdump...
SUSE CVE-2018-14505
mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py...
Xepor - Web Routing Framework For Reverse Engineers And Security Researchers, Brings The Best Of Mitmproxy And Flask
Xepor pronounced /ˈzɛfə/ , zephyr, a web routing framework for reverse engineers and security researchers. It provides a Flask-like API for hackers to intercept and modify HTTP request and/or HTTP response in a human-friendly coding style. This project is meant to be used with mitmproxy. User wri...
Mitmweb in mitmproxy allows DNS Rebinding attacks
mitmweb in mitmproxy before v4.0.4 allows DNS Rebinding attacks, related to tools/web/app.py...