mobsf
PyPI9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting mobsfpage 1 of 1
- CVE-2022-41547HIGHCVSS 7.5EG 7.5✓ Fixed in 0.9.32022-10-18
Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP r…
- CVE-2023-42261HIGHCVSS 7.5EG 7.5✓ Fixed in 3.9.72023-09-21
vulnerable: 3.2.6 ... 3.7.6 (13 versions)
Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environ…
- CVE-2024-29190HIGHCVSS 7.5EG 7.5✓ Fixed in 3.9.72024-03-22
vulnerable: 3.2.6 ... 3.7.6 (13 versions)
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when ext…
- CVE-2024-31215MEDIUMCVSS 6.3EG 6.3✓ Fixed in 3.9.82024-04-04
vulnerable: 3.2.6 ... 3.9.7 (14 versions)
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to …
- CVE-2024-41955MEDIUMCVSS 5.2EG 5.2✓ Fixed in 4.0.52024-07-31
vulnerable: 3.2.6 ... 3.9.7 (14 versions)
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5.
- CVE-2024-43399HIGHCVSS 8.0EG 8.0✓ Fixed in 4.0.72024-08-19
vulnerable: 3.2.6 ... 3.9.7 (14 versions)
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically,…
- CVE-2024-53999HIGHCVSS 8.1EG 8.1✓ Fixed in 4.2.92024-12-03
vulnerable: 3.2.6 ... 4.1.3 (15 versions)
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. …
- CVE-2024-54000HIGHCVSS 7.5EG 7.5✓ Fixed in 3.9.72024-12-03
vulnerable: 3.2.6 ... 3.7.6 (13 versions)
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is sp…
- CVE-2026-33545MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.4.62026-03-26
vulnerable: 3.2.6 ... 4.4.5 (20 versions)
MobSF is a mobile application security testing tool used. Prior to version 4.4.6, MobSF's `read_sqlite()` function in `mobsf/MobSF/utils.py` (lines 542-566) uses Python string formatting (`%`) to construct SQL queries with table names read…
Check whether mobsf is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for mobsf CVEs against the assets you own.
Start Free Scan →