Moderate severityNVD Advisory· Published Apr 4, 2024· Updated Aug 2, 2024
Mobile Security Framework (MobSF) vulnerable to Server-Side Request Forgery (SSRF) in firebase database check
CVE-2024-31215
Description
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When a malicious app is uploaded to Static analyzer, it is possible to make internal requests. This vulnerability has been patched in version 3.9.8.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mobsfPyPI | < 3.9.8 | 3.9.8 |
Affected products
1- Range: <= 3.9.7
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-wpff-wm84-x5cxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-31215ghsaADVISORY
- github.com/MobSF/Mobile-Security-Framework-MobSF/commit/43bb71d115d78c03faa82d75445dd908e9b32716ghsax_refsource_MISCWEB
- github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2373ghsax_refsource_MISCWEB
- github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wpff-wm84-x5cxghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.