GHSA-wpff-wm84-x5cx: Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check

Skip to content

• • Actions

    Automate any workflow

  • Packages

    Host and manage packages

  • Security

    Find and fix vulnerabilities

  • Codespaces

    Instant dev environments

  • Copilot

    Write better code with AI

  • Code review

    Manage code changes

  • Issues

    Plan and track work

  • Discussions

    Collaborate outside of code

• • GitHub Sponsors

    Fund open source developers

*   The ReadME Project
    
    GitHub community articles

• Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

1. GitHub Advisory Database
2. GitHub Reviewed
3. CVE-2024-31215

Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check

Affected versions

<= 3.9.7

Description

Impact

What kind of vulnerability is it? Who is impacted?
SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When malicious app is uploaded to Static analyzer, it is possible to make internal requests.

Credits: Oleg Surnin (Positive Technologies).

Patches

Has the problem been patched? What versions should users upgrade to?
v3.9.8 and above

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?
Code level patch

References

Are there any links users can visit to find out more?
MobSF/Mobile-Security-Framework-MobSF#2373

References

• GHSA-wpff-wm84-x5cx
• MobSF/Mobile-Security-Framework-MobSF#2373
• MobSF/Mobile-Security-Framework-MobSF@43bb71d

Published to the GitHub Advisory Database

Apr 4, 2024