mobsf@3.3.5 vulnerabilities
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
-
latest version
4.1.3
-
first published
4 years ago
-
latest version published
14 days ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the mobsf package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
mobsf is a Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the Exploiting this vulnerability allows an attacker to write arbitrary files to any location on the server by manipulating the file path in the archive. How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? A fix was pushed into the |
[0,)
|
mobsf is a Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') through the authentication view by manipulating the redirect URL after a successful login. Note:* This is only exploitable if the authentication feature is enabled. How to fix URL Redirection to Untrusted Site ('Open Redirect')? A fix was pushed into the |
[0,)
|
mobsf is a Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to the firebase database check logic. An attacker can cause the server to make connections to internal-only services within the organization's infrastructure by uploading a malicious app to the Static analyzer, enabling internal requests. How to fix Server-Side Request Forgery (SSRF)? Upgrade |
[,4.1.3)
|
mobsf is a Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Insecure Permissions due to missing access restrictions. An attacker can append How to fix Insecure Permissions? There is no fixed version for |
[0,)
|