5 matches found
EUVD-2025-29450
Malicious code in bioql PyPI...
HTTP Request Smuggling (HRS)
mitmproxy is vulnerable to HTTP request smuggling. The vulnerability is due to mitmproxy embedding python-hyper/h2 ≤ v4.2.0 which has a gap in its HTTP/2 header validation, which allows an attacker to smuggle requests when mitmproxy translates HTTP/2 to HTTP/1...
GHSA-63CX-G855-HVV4 mitmproxy binaries embed a vulnerable python-hyper/h2 dependency
mitmproxy 12.1.1 and below embed python-hyper/h2 ≤ v4.2.0, which has a gap in its HTTP/2 header validation. This enables request smuggling attacks when mitmproxy is in a configuration where it translates HTTP/2 to HTTP/1. For example, this affects reverse proxies to http:// backends. It does not...
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency
mitmproxy 12.1.1 and below embed python-hyper/h2 ≤ v4.2.0, which has a gap in its HTTP/2 header validation. This enables request smuggling attacks when mitmproxy is in a configuration where it translates HTTP/2 to HTTP/1. For example, this affects reverse proxies to http:// backends. It does not...
python-hyper h2 注入漏洞
python-hyper h2 is a Python HTTP/2 protocol implementation of Hyper open source. An injection vulnerability exists in python-hyper h2 versions prior to 4.3.0, which stems from HTTP2 request splitting and could lead to a request smuggling attack...