CVE-2024-54000 – Mobile Security Framework (MobSF) Server-Side Request Forgery (SSRF)

12月 3, 2024
5:16 pm

CVE ID : CVE-2024-54000

Published : Dec. 3, 2024, 4:15 p.m. | 1 hour, 1 minute ago

Description : Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow_redirects=True, which allows a server-side request forgery when a request to .well-known/assetlinks.json” returns a 302 redirect. This is a bypass of the fix for CVE-2024-29190 and is fixed in 3.9.7.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-54000 – Mobile Security Framework (MobSF) Server-Side Request Forgery (SSRF)

Elvescore.io

Recent Posts

CVE-2024-12949 – Code-projects Travel Management System SQL Injection Vulnerability

CVE-2024-12950 – Adobe Code-Projects Travel Management System SQL Injection Vulnerability

CVE-2024-47148 – Honor Privilege Assignment Vulnerability

CVE-2024-47153 – Honor Information Leak Vulnerability

CVE-2024-47154 – Honor Information Leak Vulnerability

CVE-2024-47155 – Honor Information Leak Vulnerability

CVE-2024-54000 – Mobile Security Framework (MobSF) Server-Side Request Forgery (SSRF)

CVE-2024-54000 – Mobile Security Framework (MobSF) Server-Side Request Forgery (SSRF)