mobsf@4.3.0 vulnerabilities

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Direct Vulnerabilities

Known vulnerabilities in the mobsf package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability / Vulnerable version

  • Severity: High
Improper Privilege Management

Affected versions of this package are vulnerable to Improper Privilege Management via the /source_code endpoint. A user holding only minimal rights can obtain through this endpoint an API token that carries full privileges, and then use that token to read sensitive information that the user's own role does not permit.

How to fix Improper Privilege Management?

A fix was pushed into the master branch but not yet published.

Vulnerable version range: [0,)
  • Severity: High
Improper Validation of Specified Type of Input

Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input through the URL rules defined in urls.py. The bundle identifier taken from an uploaded application is used when routing the scan's pages, and the rules do not account for every value an attacker can place there. Uploading a malicious application whose Info.plist has been modified so that the CFBundleIdentifier key contains restricted characters causes the affected views to throw a 500 error and fail to display content, which denies access to that report.

How to fix Improper Validation of Specified Type of Input?

A fix was pushed into the master branch but not yet published.

Vulnerable version range: [0,)
  • Severity: High
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the dynamic_analysis.html template. The bundle identifier of an application uploaded to the Corellium platform is rendered into that page without sanitization, so an attacker who uploads a malicious application with a crafted bundle identifier can execute script in the browser of any user who opens the dynamic analysis page and perform actions as that user, including administrative users.

How to fix Cross-site Scripting (XSS)?

A fix was pushed into the master branch but not yet published.

Vulnerable version range: [0,)
  • Severity: High
Insecure Permissions

Affected versions of this package are vulnerable to Insecure Permissions due to missing access restrictions on the recent scans listing. An attacker can reach it by appending /recent_scans/ to the homepage URL, with no access check enforced, and read the APK and IPA scan reports listed there, potentially leading to sensitive information disclosure.

How to fix Insecure Permissions?

There is no fixed version for mobsf.

Vulnerable version range: [0,)
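The two bundle-identifier issues above (the 500 from URL rules in urls.py and the XSS in dynamic_analysis.html) share one root cause: a value copied out of an attacker-controlled Info.plist reaches routing and templates unchecked. The following is an added example, not MobSF project code, of the two controls that close both: an allow-list check on CFBundleIdentifier at upload time, and HTML escaping at the output boundary. The allow-list follows Apple's documented character set for bundle identifiers (letters, digits, hyphen, period); the URL rule, the template fragment and the constructed Info.plist are illustrative assumptions and not taken from the project.

```python
"""
Added example (not MobSF code): validate CFBundleIdentifier before it reaches
URL routing or HTML, and escape it on output regardless.

Assumptions (not from the advisory): Apple's allow-list of [A-Za-z0-9.-] for
bundle identifiers; the URL rule and HTML fragment below are illustrative.
"""
import html
import plistlib
import re

# Apple's documented character set for a bundle identifier.
BUNDLE_ID_RE = re.compile(r"[A-Za-z0-9.-]+")

# Illustrative URL rule that only accepts a well-formed identifier. A value
# that fails to match never routes, which is the failure the 500 stems from.
URL_RULE_RE = re.compile(r"^/dynamic_analysis/(?P<bundle_id>[A-Za-z0-9.-]+)/$")


class InvalidBundleIdentifier(ValueError):
    """Raised when an uploaded app carries a bundle identifier we will not accept."""


def validate_bundle_id(bundle_id: str) -> str:
    """Reject anything outside the allow-list instead of letting it reach a view."""
    if len(bundle_id) > 255 or not BUNDLE_ID_RE.fullmatch(bundle_id):
        raise InvalidBundleIdentifier(f"rejected bundle identifier: {bundle_id!r}")
    return bundle_id


def bundle_id_from_plist(plist_bytes: bytes) -> str:
    """Parse Info.plist and return a validated CFBundleIdentifier."""
    info = plistlib.loads(plist_bytes)
    bundle_id = info.get("CFBundleIdentifier")
    if not isinstance(bundle_id, str):
        raise InvalidBundleIdentifier("CFBundleIdentifier missing or not a string")
    return validate_bundle_id(bundle_id)


def routes_cleanly(bundle_id: str) -> bool:
    """True when a report URL built from the identifier matches the URL rule."""
    return URL_RULE_RE.match(f"/dynamic_analysis/{bundle_id}/") is not None


def render_unsafe(bundle_id: str) -> str:
    """Vulnerable pattern: raw interpolation into the page (stored XSS)."""
    return f"<h2>Dynamic Analysis: {bundle_id}</h2>"


def escape_for_html(value: str) -> str:
    """Output encoding alone neutralises the payload even if validation was skipped."""
    return html.escape(value, quote=True)


def render_safe(bundle_id: str) -> str:
    """Hardened: allow-list first, then escape at the output boundary as well."""
    return f"<h2>Dynamic Analysis: {escape_for_html(validate_bundle_id(bundle_id))}</h2>"


def make_plist(bundle_id: str) -> bytes:
    """Constructed test input: a minimal Info.plist carrying the given identifier."""
    return plistlib.dumps({"CFBundleIdentifier": bundle_id, "CFBundleName": "Example"})


BENIGN = "com.example.app"
# Constructed payload: script tags plus characters a URL rule will not accept.
MALICIOUS = "com.example<script>alert(document.cookie)</script>"

if __name__ == "__main__":
    print(bundle_id_from_plist(make_plist(BENIGN)))
    print(render_unsafe(MALICIOUS))          # payload reaches the page verbatim
    print(routes_cleanly(MALICIOUS))         # False: this is where the 500 comes from
    try:
        bundle_id_from_plist(make_plist(MALICIOUS))
    except InvalidBundleIdentifier as exc:
        print("rejected at upload:", exc)
```

Rejecting at upload time turns a server error into a clean validation failure for the uploader, and the escaping in render_safe is kept even though validated identifiers cannot contain markup, so that a later change to the allow-list does not silently reopen the XSS.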
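The Improper Privilege Management and Insecure Permissions entries are both authorization failures: a token that grants everything to whoever can read it, and a listing reachable with no access check at all. The following is an added example, not MobSF project code, of the design that prevents both: a default-deny route-to-permission table, and API tokens that are bound at issue time to the role of the user who requested them. The roles, permission names, route names and in-memory store are illustrative assumptions and not the project's own.

```python
"""
Added example (not MobSF code): default-deny authorization for report routes
and API tokens scoped to the issuing user's role.

Assumptions (not from the advisory): the roles, permissions, route names and
in-memory store are stand-ins for whatever the real application uses.
"""
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Role -> permissions. Nothing is granted by omission.
ROLE_PERMS = {
    "viewer": {"scan:read"},
    "maintainer": {"scan:read", "scan:run", "source:read"},
    "admin": {"scan:read", "scan:run", "source:read", "token:manage"},
}

# Route -> permission required. A route absent from this table is denied,
# so a new view cannot be left open by forgetting to register it.
ROUTE_PERMS = {
    "/recent_scans/": "scan:read",   # the listing that had no check above
    "/source_code": "source:read",
    "/api/v1/scan": "scan:run",
}


@dataclass
class User:
    name: str
    role: str


@dataclass
class ApiToken:
    value: str
    owner: str
    role: str  # fixed when issued; never a shared all-privilege secret


class AuthzStore:
    def __init__(self) -> None:
        self.tokens = {}

    def issue_token(self, user: User) -> ApiToken:
        # The token inherits the caller's role. The vulnerable pattern is one
        # global token with every privilege that any user can read out of a page.
        token = ApiToken(secrets.token_urlsafe(32), user.name, user.role)
        self.tokens[token.value] = token
        return token

    def principal_from_token(self, presented: str) -> Optional[ApiToken]:
        # Constant-time comparison so lookup timing does not leak token bytes.
        for stored, token in self.tokens.items():
            if hmac.compare_digest(stored.encode(), presented.encode()):
                return token
        return None

    def authorize(self, principal, route: str) -> bool:
        """principal is a User or ApiToken (both carry .role), or None if anonymous."""
        if principal is None:            # anonymous: nothing is allowed
            return False
        needed = ROUTE_PERMS.get(route)
        if needed is None:               # unregistered route: deny, do not fall through
            return False
        return needed in ROLE_PERMS.get(principal.role, set())


def legacy_authorize(principal, route: str) -> bool:
    """Vulnerable pattern for contrast: a few routes treated as public by default."""
    public_routes = {"/", "/recent_scans/"}
    if route in public_routes:
        return True
    return principal is not None and principal.role == "admin"


if __name__ == "__main__":
    store = AuthzStore()
    alice = User("alice", "viewer")
    token = store.issue_token(alice)
    print("anonymous, legacy:", legacy_authorize(None, "/recent_scans/"))
    print("anonymous, hardened:", store.authorize(None, "/recent_scans/"))
    print("viewer token on /source_code:",
          store.authorize(store.principal_from_token(token.value), "/source_code"))
```

The token check deliberately returns the token object rather than a bare boolean so the caller authorizes on the token's own role; an admin reading the page that shows a token only ever obtains a token as powerful as the admin already is, and a viewer obtains one that can do no more than the viewer.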