Skip to main content

Mobile Security Framework CVE-2024-29190

HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2024-03-22 security-advisories@github.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 22, 2024 - 23:15 nvd
HIGH 7.5

DescriptionNVD

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue.

AnalysisAI

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue. Affected products include: Opensecurity Mobile Security Framework. Version information: version 3.9.5.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.

CVE-2024-43399 CRITICAL POC
9.8 Aug 19

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor

CVE-2025-46335 HIGH POC
8.6 May 05

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo

CVE-2026-24490 HIGH POC
8.1 Jan 27

MobSF versions prior to 4.4.5 are vulnerable to stored XSS through unsanitized rendering of Android manifest attributes

CVE-2023-42261 HIGH POC
7.5 Sep 21

Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. Rated high severity (CVSS 7.5), t

CVE-2022-41547 HIGH POC
7.5 Oct 18

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability

CVE-2025-46730 MEDIUM POC
6.8 May 05

MobSF is a mobile application security testing tool used. Rated medium severity (CVSS 6.8), this vulnerability is remote

CVE-2024-53999 MEDIUM POC
5.4 Dec 03

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor

CVE-2024-41955 MEDIUM POC
5.4 Jul 31

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo

CVE-2025-31116 MEDIUM POC
4.4 Mar 31

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor

CVE-2024-54000 HIGH
7.5 Dec 03

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of perfor

CVE-2025-58161 LOW POC
1.3 Sep 02

MobSF is a mobile application security testing tool used. Rated low severity (CVSS 1.3), this vulnerability is remotely

CVE-2024-31215 MEDIUM
4.3 Apr 04

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo

Share

CVE-2024-29190 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy