PT-2024-2891 · Unknown · Mobile Security Framework

Oleg Surnin · Published 2024-04-02 · Updated 2025-06-30 · CVE-2024-31215

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Mobile Security Framework (MobSF) versions prior to 3.9.8

Description

A Server-Side Request Forgery (SSRF) vulnerability exists in the Firebase database check logic of the Mobile Security Framework (MobSF). It allows an attacker to cause the server to connect to internal-only services within the organization's infrastructure. When a malicious app is uploaded to the Static Analyzer, it is possible to make internal requests.

Recommendations

For versions prior to 3.9.8, update to version 3.9.8 or above to resolve the issue. As a temporary workaround, consider applying a code-level patch until an official patch is available.
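
The kind of check that a code-level workaround for this class of SSRF needs, as an added example that is not MobSF's own code or its official patch: validate a Firebase URL taken from an uploaded app before the server fetches it. The allowed host suffixes, the function names and the sample addresses in the comments are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption: host suffixes a Firebase Realtime Database URL is expected to use.
ALLOWED_SUFFIXES = (".firebaseio.com", ".firebasedatabase.app")


def resolve(host):
    """Default resolver: every address the name currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, 443)}


def is_safe_firebase_url(url, resolver=resolve):
    """Return True only if a URL extracted from an app is safe to request."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or port not in (None, 443):
        return False
    if parts.username is not None or parts.password is not None:
        return False  # userinfo can hide the real host, e.g. allowed-name@10.0.0.1
    if not host.endswith(ALLOWED_SUFFIXES):
        return False  # rejects IP literals, localhost and look-alike domains
    try:
        addresses = resolver(host)
        # An allowed name must not resolve into private, loopback or link-local space.
        return bool(addresses) and all(
            ipaddress.ip_address(a).is_global for a in addresses
        )
    except (OSError, ValueError):
        return False
```

Run the check immediately before the request and disable redirect following in the HTTP client, because a redirect from an allowed host would otherwise bypass it.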

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2024-03055
CVE-2024-31215
GHSA-WPFF-WM84-X5CX

Affected Products

Mobile Security Framework