CVE-2021-39214

Опубликовано: 16 сент. 2021

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 7.5

CVSS3: 8.1

Описание

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While a smuggled request is still captured as part of another request's body, it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless one uses mitmproxy to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 7.0.3 and above.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	needs-triage
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE
focal	ignored	end of standard support, was needs-triage
hirsute	ignored	end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 42%

0.00193

Низкий

7.5 High

CVSS2

8.1 High

CVSS3

Связанные уязвимости

CVE-2021-39214

CVSS3: 8.1

nvd

почти 4 года назад

CVE-2021-39214

CVSS3: 8.1

debian

почти 4 года назад

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...

openSUSE-SU-2023:0233-1

suse-cvrf

почти 2 года назад

Security update for python-mitmproxy

openSUSE-SU-2023:0232-1

suse-cvrf

почти 2 года назад

Security update for python-mitmproxy

GHSA-22gh-3r9q-xf38

CVSS3: 8.1

github

почти 4 года назад

Lacking Protection against HTTP Request Smuggling in mitmproxy

EPSS

Процентиль: 42%

0.00193

Низкий

7.5 High

CVSS2

8.1 High

CVSS3

CVE-2021-39214

Описание

Пакет mitmproxy

Ссылки на источники

Связанные уязвимости