Description

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in `android:host`, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue.

INFO

Published Date :

2024-03-22T22:12:22.561Z

Last Modified :

2025-04-10T20:10:00.461Z

Source :

GitHub_M

Researchers

Following researchers has claimed that they have found this vulnerability.

@aydinnyunus
AFFECTED PRODUCTS

The following products are affected by CVE-2024-29190 vulnerability.

Vendors Products
Mobsf
  • Mobile Security Framework
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-29190.

URL Resource
https://drive.google.com/file/d/1nbKMd2sKosbJef5Mh4DxjcHcQ8Hw0BNR/view?usp=share_link cve-icon cve-icon
https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/5a8eeee73c5f504a6c3abdf2a139a13804efdb77 cve-icon cve-icon
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wfgj-wrgh-h3r3 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact