Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow_redirects=True, which allows a server-side request forgery when a request to .well-known/assetlinks.json" returns a 302 redirect. This is a bypass of the fix for CVE-2024-29190 and is fixed in 3.9.7.
Metrics
Affected Vendors & Products
References
History
Tue, 03 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mobsf
Mobsf mobile Security Framework |
|
CPEs | cpe:2.3:a:mobsf:mobile_security_framework:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mobsf
Mobsf mobile Security Framework |
|
Metrics |
ssvc
|
Tue, 03 Dec 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow_redirects=True, which allows a server-side request forgery when a request to .well-known/assetlinks.json" returns a 302 redirect. This is a bypass of the fix for CVE-2024-29190 and is fixed in 3.9.7. | |
Title | Mobile Security Framework (MobSF) bypass of SSRF fix | |
Weaknesses | CWE-918 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-03T15:33:56.232Z
Updated: 2024-12-03T17:01:38.678Z
Reserved: 2024-11-25T23:14:36.384Z
Link: CVE-2024-54000
Vulnrichment
Updated: 2024-12-03T17:01:32.098Z
NVD
Status : Received
Published: 2024-12-03T16:15:24.380
Modified: 2024-12-03T16:15:24.380
Link: CVE-2024-54000
Redhat
No data.