mobsf@3.3.5 vulnerabilities

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

latest version

3.9.7
first published

3 years ago
latest version published

2 months ago
licenses detected
- GPL-3.0
  [0,)
View mobsf package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the mobsf package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Server-Side Request Forgery (SSRF) mobsf is a Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to the firebase database check logic. An attacker can cause the server to make connections to internal-only services within the organization's infrastructure by uploading a malicious app to the Static analyzer, enabling internal requests. How to fix Server-Side Request Forgery (SSRF)? A fix was pushed into the `master` branch but not yet published.	[0,)
H Insecure Permissions mobsf is a Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Insecure Permissions due to missing access restrictions. An attacker can append `/recent_scans/` to the URL after the homepage and gain access to APK or IPA reports, potentially leading to sensitive information disclosure. How to fix Insecure Permissions? There is no fixed version for `mobsf`.	[0,)

Server-Side Request Forgery (SSRF)

mobsf is a Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to the firebase database check logic. An attacker can cause the server to make connections to internal-only services within the organization's infrastructure by uploading a malicious app to the Static analyzer, enabling internal requests.

How to fix Server-Side Request Forgery (SSRF)?

A fix was pushed into the master branch but not yet published.

[0,)

Insecure Permissions

Affected versions of this package are vulnerable to Insecure Permissions due to missing access restrictions. An attacker can append /recent_scans/ to the URL after the homepage and gain access to APK or IPA reports, potentially leading to sensitive information disclosure.

How to fix Insecure Permissions?

There is no fixed version for mobsf.

[0,)

Go back to all versions of this package

mobsf@3.3.5 vulnerabilities

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities