Description
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() call in the _check_url method is specified with allow_redirects=True, which allows a server-side request forgery when a request to .well-known/assetlinks.json returns a 302 redirect. This is a bypass of the fix for CVE-2024-29190 and is fixed in 3.9.7.
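The general mitigation for this class of bug, as an added example that is not MobSF's code or its actual patch: turn off automatic redirect following and re-validate every Location target before requesting it. The names check_url, safe_get, fake_send and fake_resolve, and the sample hosts and addresses, are constructed for illustration.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

class BlockedURL(Exception):
    """Raised when a URL or redirect hop points somewhere we refuse to fetch."""

def check_url(url, resolve):
    """Allow only http(s) URLs whose every resolved address is globally routable."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedURL(f"bad scheme or host: {url}")
    try:
        addrs = [str(ipaddress.ip_address(parts.hostname))]  # host is an IP literal
    except ValueError:
        addrs = resolve(parts.hostname)
    if not addrs or not all(ipaddress.ip_address(a).is_global for a in addrs):
        raise BlockedURL(f"non-public destination: {url}")

def safe_get(url, send, resolve, max_hops=3):
    """Follow redirects by hand, re-validating each Location before requesting it.

    `send(url)` must not follow redirects itself and returns (status, headers,
    body); with requests it would wrap
    requests.get(url, allow_redirects=False, timeout=5).
    """
    for _ in range(max_hops + 1):
        check_url(url, resolve)
        status, headers, body = send(url)
        if status in REDIRECTS and "Location" in headers:
            url = urljoin(url, headers["Location"])  # handles relative targets
            continue
        return status, body
    raise BlockedURL("too many redirects")

# Constructed sample data: one host answers directly, one redirects to loopback.
DNS = {"good.example": ["93.184.216.34"], "evil.example": ["93.184.216.35"]}
PATH = "/.well-known/assetlinks.json"
SITES = {
    "https://good.example" + PATH: (200, {}, "[]"),
    "https://evil.example" + PATH: (302, {"Location": "http://127.0.0.1:8000/"}, ""),
}
requested = []  # every URL actually sent, so the blocked hop can be verified

def fake_send(url):
    requested.append(url)
    return SITES[url]

def fake_resolve(host):
    return DNS.get(host, [])
```

The check resolves the name separately from the connection, so a real client should also connect to the address it validated rather than resolving again.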
INFO
Published Date: 2024-12-03T15:33:56.232Z
Last Modified: 2024-12-03T17:01:38.678Z
Source: GitHub_M
AFFECTED PRODUCTS
The following products are affected by the CVE-2024-54000 vulnerability.
Vendors | Products |
---|---|
Mobsf | |
REFERENCES
Here, you will find a curated list of external links that provide in-depth information about CVE-2024-54000.