exploitDog

GHSA-f42p-vc8p-7x54

Опубликовано: 18 окт. 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

MobSF allows attackers to read arbitrary files via a crafted HTTP request

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request.

Ссылки

Пакеты

Наименование

mobsf

pip

Затронутые версииВерсия исправления

< 0.9.3

0.9.3

EPSS

Процентиль: 83%

0.01855

Низкий

7.5 High

CVSS3

CVE ID

Связанные уязвимости

CVE-2022-41547

CVSS3: 7.5

nvd

больше 3 лет назад

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request.

EPSS

Процентиль: 83%

0.01855

Низкий

7.5 High

CVSS3

CVE ID