Описание
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. This vulnerability is fixed in 4.3.2.
Ссылки
- Patch
- ExploitVendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.3.2 (исключая)
cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.0031
Низкий
4.4 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 4.4
github
10 месяцев назад
Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding
EPSS
Процентиль: 54%
0.0031
Низкий
4.4 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-918