CVE-2022-24766
Published 2022-03-21
Priority P260 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.58% (72.5th percentile)
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request's body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mitmproxy | < mitmproxy 8.1.1-1 (bookworm) | mitmproxy 8.1.1-1 (bookworm) |
| mitmproxy | mitmproxy | <= 7.0.4 | — |
| mitmproxy | mitmproxy | >= 0 < 8.1.1-1 | 8.1.1-1 |
| mitmproxy | mitmproxy | >= 0 < 8.1.1-1 | 8.1.1-1 |
| mitmproxy | mitmproxy | >= 0 < 8.0.0 | 8.0.0 |
Detection & IOCs
- HTTP request smuggling through mitmproxy: a malicious client/server smuggles a request/response as part of another request/response's HTTP message body. The smuggled request does not appear in the request list and bypasses mitmproxy event hooks.
- Smuggled requests bypass custom access control and input sanitization hooks in mitmproxy. Monitor for discrepancies between the request counts seen by mitmproxy and by the backend HTTP/1 server.
- The vulnerability is only exploitable when mitmproxy is used to protect an HTTP/1 service, so scope detection efforts to HTTP/1 backend deployments.
- The Debian bullseye package remains unresolved/open as of the tracked data; deployments on bullseye are still vulnerable.
- No known workarounds exist; the only remediation is upgrading to mitmproxy 8.0.0+.
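One way to run the count comparison suggested above, as an added example that is not code from this page or from the mitmproxy project. The proxy record layout (time, method, path, body), the backend Common Log Format lines, UTC timestamps on both sides and all sample values are assumptions constructed for illustration. Because a smuggled request is still captured inside another request's body, the check also looks for the flow that carried it.

```python
import re
from datetime import datetime

# Constructed proxy-side records (not real traffic): what an event hook might
# have exported per request it saw: (UTC time, method, path, request body).
PROXY_FLOWS = [
    ("2022-03-21T10:00:01", "GET", "/index.html", b""),
    ("2022-03-21T10:00:02", "POST", "/upload",
     b"field=value\r\nGET /admin/users HTTP/1.1\r\nHost: backend.example\r\n\r\n"),
    ("2022-03-21T10:00:05", "GET", "/status", b""),
]
# Constructed backend access log in Common Log Format (assumed format).
BACKEND_LOG = """\
10.0.0.5 - - [21/Mar/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.5 - - [21/Mar/2022:10:00:02 +0000] "POST /upload HTTP/1.1" 200 17
10.0.0.5 - - [21/Mar/2022:10:00:02 +0000] "GET /admin/users HTTP/1.1" 200 2048
10.0.0.5 - - [21/Mar/2022:10:00:05 +0000] "GET /status HTTP/1.1" 200 4
"""
CLF = re.compile(r'\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/1\.[01]"')


def parse_backend(log_text):
    """Yield (naive UTC datetime, method, path) for each parseable log line."""
    for line in log_text.splitlines():
        m = CLF.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts.replace(tzinfo=None), m["method"], m["path"]


def find_unseen_requests(proxy_flows, backend_log, window_s=5):
    """Return backend requests that no proxy record accounts for, each with the
    proxy flow whose body contains that request line (None if none does)."""
    pending = [(datetime.fromisoformat(t), m, p) for t, m, p, _ in proxy_flows]
    findings = []
    for ts, method, path in parse_backend(backend_log):
        match = next((f for f in pending if f[1:] == (method, path)
                      and abs((f[0] - ts).total_seconds()) <= window_s), None)
        if match:
            pending.remove(match)  # one proxy record explains one backend hit
            continue
        needle = f"{method} {path} HTTP/1.".encode()
        carrier = next(((m, p) for _, m, p, body in proxy_flows
                        if needle in body), None)
        findings.append({"method": method, "path": path, "carrier": carrier})
    return findings
```

A finding with a non-empty `carrier` is the stronger signal: the backend served a request the proxy never listed, and its request line sits inside a body the proxy did record.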
CVSS provenance
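| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |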
Debian
CVE-2022-24766: mitmproxy - mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7....
vendor_debian·2022·CVSS 9.8
OSV
Insufficient Protection against HTTP Request Smuggling in mitmproxy
osv·2022-03-22
### Impact
In mitmproxy 7.0.4 and below, a malicious client or server is able to perform [HTTP request smuggling](https://en.wikipedia.org/wiki/HTTP_request_smuggling) attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request's body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization.
Unless you use mitmproxy to protect
GHSA
Insufficient Protection against HTTP Request Smuggling in mitmproxy
ghsa·2022-03-22
CVE-2022-24766 [CRITICAL] CWE-444 Insufficient Protection against HTTP Request Smuggling in mitmproxy
OSV
CVE-2022-24766: mitmproxy is an interactive, SSL/TLS-capable intercepting proxy
osv·2022-03-21·CVSS 9.8
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b
- https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3
- https://mitmproxy.org/posts/releases/mitmproxy8/