{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T21:48:27.340","vulnerabilities":[{"cve":{"id":"CVE-2021-39214","sourceIdentifier":"security-advisories@github.com","published":"2021-09-16T15:15:07.460","lastModified":"2024-11-21T06:18:55.243","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While a smuggled request is still captured as part of another request's body, it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless one uses mitmproxy to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 7.0.3 and above."},{"lang":"es","value":"mitmproxy es un proxy interactivo con capacidad de interceptación SSL/TLS. En mitmproxy versiones 7.0.2 y por debajo, un cliente o servidor malicioso es capaz de llevar a cabo ataques de contrabando de peticiones HTTP mediante mitmproxy. Esto significa que un cliente/servidor malicioso podría pasar de contrabando una petición/respuesta mediante mitmproxy como parte del cuerpo del mensaje HTTP de otra petición/respuesta. Mientras que una petición de contrabando sigue siendo capturada como parte del cuerpo de otra petición, no aparece en la lista de peticiones y no pasa por los ganchos de eventos habituales de mitmproxy, donde los usuarios pueden haber implementado comprobaciones de control de acceso personalizadas o saneo de entradas. A menos que se use mitmproxy para proteger un servicio HTTP/1, no es requerida ninguna acción. La vulnerabilidad ha sido corregida en mitmproxy versiones 7.0.3 y superiores"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mitmproxy:mitmproxy:*:*:*:*:*:*:*:*","versionEndIncluding":"7.0.2","matchCriteriaId":"B8BF4DAA-4BE5-4F62-9B5C-A230FB0F0832"}]}]}],"references":[{"url":"https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}