Headline
GHSA-f42p-vc8p-7x54: MobSF allows attackers to read arbitrary files via a crafted HTTP request
Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request.
MobSF allows attackers to read arbitrary files via a crafted HTTP request
High severity GitHub Reviewed Published Oct 18, 2022 • Updated Oct 18, 2022
Related news
CVE-2022-41547: [Security] Fix Local File Inclusion Vulnerability in ViewSource Function. Version <= v0.9.2 by thongngo · Pull Request #166 · MobSF/Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request.