Thongngo

**Name of the Vulnerable Software and Affected Versions** Mobile Security Framework (MobSF) versions 0.9.2 and below **Description** The issue allows attackers to read arbitrary files via a crafted HTTP request, exploiting a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. **Recommendations** For Mobile Security Framework (MobSF) versions 0.9.2 and below, consider restricting access to the `StaticAnalyzer/views.py` script until a patch is available. As a temporary workaround, avoid using the vulnerable script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.