Vulnerability Information
Vulnerability Title
Mobile Security Framework (MobSF) has an SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding
Vulnerability Description
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which leaves it vulnerable to SSRF abuse through the DNS rebinding technique. This vulnerability is fixed in 4.3.2.
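The following added example (not MobSF's code and not the 4.3.2 patch) models why a resolve-then-check validation is exposed to DNS rebinding and how connecting to the already validated address closes the gap. The function names, the `FlippingResolver` stand-in, the host name and the sample addresses are hypothetical and constructed for illustration; the assumed weak pattern is a check followed by a second name lookup when the request is made.

```python
import ipaddress
import socket


def resolve_public(host, port=443, resolver=socket.getaddrinfo):
    """Resolve host once and return its addresses only if all are public."""
    addrs = []
    for info in resolver(host, port, type=socket.SOCK_STREAM):
        ip = ipaddress.ip_address(info[4][0].split("%")[0])
        # Judge IPv4-mapped IPv6 (::ffff:127.0.0.1) by the embedded IPv4 address.
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        if not ip.is_global:
            raise ValueError(f"{host} resolves to non-public address {ip}")
        addrs.append(str(ip))
    if not addrs:
        raise ValueError(f"{host} did not resolve")
    return addrs


class FlippingResolver:
    """Constructed stand-in for DNS whose answer changes between lookups."""

    def __init__(self, answers):
        self.answers, self.calls = list(answers), 0

    def __call__(self, host, port, **kwargs):
        ip = self.answers[min(self.calls, len(self.answers) - 1)]
        self.calls += 1
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, port))]


def check_then_connect_by_name(host, resolver):
    """Weak pattern: validate, then let the client resolve the name again."""
    resolve_public(host, resolver=resolver)  # lookup 1: the check
    # lookup 2: the use, which may see a different answer than the check did
    return resolver(host, 443, type=socket.SOCK_STREAM)[0][4][0]


def check_and_pin(host, resolver):
    """Hardened pattern: connect to the exact address that was validated."""
    return resolve_public(host, resolver=resolver)[0]  # single lookup


if __name__ == "__main__":
    answers = ["8.8.8.8", "127.0.0.1"]  # constructed sample answers
    print(check_then_connect_by_name("rebind.example", FlippingResolver(answers)))
    print(check_and_pin("rebind.example", FlippingResolver(answers)))
```

When pinning in a real HTTP client, the connection goes to the validated IP while the original host name is still sent for the Host header and TLS verification; redirects need the same check on every hop.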
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
Mobile Security Framework Code Issue Vulnerability
Vulnerability Description
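Mobile Security Framework (MobSF) is an open-source, automated, all-in-one mobile application from Mobile Security Framework. It is used for penetration testing, malware analysis and security assessment, and can perform static and dynamic analysis. Versions of Mobile Security Framework before 4.3.2 contain a code issue vulnerability, which stems from SSRF abuse using the DNS rebinding technique.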
CVSS Information
N/A
Vulnerability Type
N/A