CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31215 – Mobile Security Framework (MobSF) vulnerable to Server-Side Request Forgery (SSRF) in firebase database check
https://notcve.org/view.php?id=CVE-2024-31215
04 Apr 2024 — Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When a malicious app is uploaded to Static analyzer, it is possible to make internal requests. This vulnerability has been patched in version 3.9.8. Mobile Security Framework (MobSF) es una plataforma de inve... • https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/43bb71d115d78c03faa82d75445dd908e9b32716 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29190 – MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
https://notcve.org/view.php?id=CVE-2024-29190
22 Mar 2024 — Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in `android:host`, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. Commit 5a8eeee7... • https://drive.google.com/file/d/1nbKMd2sKosbJef5Mh4DxjcHcQ8Hw0BNR/view?usp=share_link • CWE-918: Server-Side Request Forgery (SSRF) •