CVE-2024-54000: MobSF vulnerability allows SSRF due to the allow_redirects=True parameter
The fix for the “SSRF Vulnerability on assetlinks_check(act_name, well_knowns)” vulnerability could be bypassed: the fetch of the well-known assetlinks file still passed allow_redirects=True, so a host that passed the initial check could redirect the request to an internal address that was never validated.
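The root cause here is that the HTTP client follows redirects on its own, so only the first URL is ever checked. Below is an added illustration (not MobSF's code) of the mitigation a defender would want: each request is made with redirects disabled and every Location target is re-validated before it is fetched. `fetch` and `resolve` are injected callables (assumed interface, stand-ins for `requests.get(url, allow_redirects=False)` and DNS) so the example runs offline on constructed fixtures.

```python
import ipaddress
from urllib.parse import urlparse, urljoin

class UnsafeUrl(Exception):
    pass

def url_is_safe(url, resolve):
    """True only for http(s) URLs whose host resolves exclusively to public addresses.
    `resolve(host)` returns a list of IP strings (injected so this runs offline)."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    addrs = resolve(parts.hostname)
    return bool(addrs) and all(ipaddress.ip_address(a).is_global for a in addrs)

def fetch_validating_redirects(url, fetch, resolve, max_redirects=5):
    """`fetch(url)` performs ONE request without following redirects and returns
    (status, headers, body). Every hop is checked before it is requested.
    Returns (status, body, hops) or raises UnsafeUrl."""
    hops = []
    for _ in range(max_redirects + 1):
        if not url_is_safe(url, resolve):
            raise UnsafeUrl(url)
        hops.append(url)
        status, headers, body = fetch(url)
        location = headers.get("Location")
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)  # relative Location resolved against current URL
            continue
        return status, body, hops
    raise UnsafeUrl("redirect limit exceeded")

# Constructed fixtures (hypothetical hosts): one host redirects its assetlinks.json
# to an internal service, the other redirects to a new path on the same public host.
_DEMO_DNS = {"attacker.example": ["1.2.3.4"], "good.example": ["1.2.3.5"]}
_DEMO_HTTP = {
    "https://attacker.example/.well-known/assetlinks.json": (302, {"Location": "http://127.0.0.1:8000/internal"}, b""),
    "http://127.0.0.1:8000/internal": (200, {}, b"internal data"),
    "https://good.example/.well-known/assetlinks.json": (301, {"Location": "/assetlinks-v2.json"}, b""),
    "https://good.example/assetlinks-v2.json": (200, {}, b"[]"),
}

def demo_resolve(host):
    try:
        return [str(ipaddress.ip_address(host))]  # literal IP in the URL, no DNS needed
    except ValueError:
        return _DEMO_DNS.get(host, [])

def demo_fetch(url):
    return _DEMO_HTTP.get(url, (404, {}, b""))

def demo():
    """Runs both fixtures; returns (blocked_url, good_status, good_body, good_hops)."""
    try:
        fetch_validating_redirects("https://attacker.example/.well-known/assetlinks.json", demo_fetch, demo_resolve)
        blocked = None
    except UnsafeUrl as e:
        blocked = str(e)
    status, body, hops = fetch_validating_redirects("https://good.example/.well-known/assetlinks.json", demo_fetch, demo_resolve)
    return blocked, status, body, hops
```

The redirect to 127.0.0.1 is rejected at the second hop, while the same-host relative redirect is followed normally; with the client's own redirect handling enabled, the first case would have succeeded.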
References
- github.com/MobSF/Mobile-Security-Framework-MobSF
- github.com/MobSF/Mobile-Security-Framework-MobSF/commit/f22c584aa7d43527970c9da61eb678953cfc0a8e
- github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-m435-9v6r-v5f6
- github.com/advisories/GHSA-m435-9v6r-v5f6
- github.com/pypa/advisory-database/tree/main/vulns/mobsf/PYSEC-2024-256.yaml
- nvd.nist.gov/vuln/detail/CVE-2024-54000