CVE-2018-14505
HIGH8.8EPSS 0.34%Mitmweb in mitmproxy allows DNS Rebinding attacks
Published: 7/31/2018Modified: 4/28/2026
Description
mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.
Affected packages (3)
- Debian/mitmproxyfrom 0, < 3.0.4-1
- PyPI/mitmproxyfrom 0, < 4.0.4
- PyPI/mitmproxyfrom 0, < 4.0.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References (8)
- ADVISORYhttps://github.com/advisories/GHSA-6m53-c78q-7qmg
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-14505
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-14505
- PATCHhttps://github.com/mitmproxy/mitmproxy
- WEBhttps://github.com/mitmproxy/mitmproxy/commit/7f464b89296881f4d9ec032378c4418e832d17e3
- WEBhttps://github.com/mitmproxy/mitmproxy/issues/3234
- WEBhttps://github.com/mitmproxy/mitmproxy/pull/3243
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/mitmproxy/PYSEC-2018-56.yaml