CVE-2024-54000
Published: 2024-12-03
Priority: P3 · 44 · high · 7.5 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.41% (32.5th percentile)
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() call in the _check_url method is made with allow_redirects=True, which allows server-side request forgery when a request to /.well-known/assetlinks.json returns a 302 redirect: the redirect target is followed without being re-checked. This is a bypass of the fix for CVE-2024-29190 and is fixed in 3.9.7.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opensecurity | mobile_security_framework | < 3.9.7 | 3.9.7 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| osv | (not given) | 7.5 | HIGH | (not given) |
GHSA · 2025-06-27 · HIGH · CWE-918
MobSF vulnerability allows SSRF due to the allow_redirects=True parameter
### Summary
The fix for "SSRF Vulnerability on assetlinks_check(act_name, well_knowns)" (CVE-2024-29190) can be bypassed.
### Details
The requests.get() call in the _check_url method is made with allow_redirects=True, so the host check applies only to the initial URL. If "https://mydomain.com/.well-known/assetlinks.json" answers with a 302, requests follows the Location header automatically without the target being re-checked. If that Location is "http://192.168.1.102/user/delete/1", the MobSF server sends a request there as well.
Using allow_redirects=False, and validating any redirect target before following it, avoids this.
### Impact
An attacker who controls a domain that the asset-links check fetches from can make the MobSF server connect to internal-only services within the organization's infrastructure.
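Added example, written for this page and not taken from MobSF (its `_check_url` is not reproduced here): a standard-library-only model of the bug and of the fix. The network is replaced by constructed tables (`FAKE_DNS`, `FAKE_RESPONSES`, `fake_get`, `resolve_host` are all assumptions so the code runs offline); `naive_fetch` checks the host once and then follows redirects the way `allow_redirects=True` does, while `safe_fetch` turns automatic redirects off and re-runs the same host check on every hop.

```python
import ipaddress
from urllib.parse import urljoin, urlparse

# Constructed stand-ins for DNS and HTTP (example data, not real records).
# mydomain.com plays the public-looking host from the advisory: it answers the
# assetlinks request with a 302 whose Location is an internal service.
FAKE_DNS = {"mydomain.com": "8.8.8.8", "good.example": "1.1.1.1"}
FAKE_RESPONSES = {
    "https://mydomain.com/.well-known/assetlinks.json":
        (302, {"Location": "http://192.168.1.102/user/delete/1"}, b""),
    "http://192.168.1.102/user/delete/1":
        (200, {}, b"user 1 deleted"),
    "https://good.example/.well-known/assetlinks.json":
        (200, {}, b'[{"relation": ["delegate_permission/common.handle_all_urls"]}]'),
}
REDIRECT_CODES = {301, 302, 303, 307, 308}


def fake_get(url):
    """Stand-in for requests.get(url, allow_redirects=False): returns
    (status, headers, body) for exactly one URL and never follows redirects."""
    return FAKE_RESPONSES.get(url, (404, {}, b""))


def resolve_host(host):
    """Constructed resolver; a real client would use socket.getaddrinfo()."""
    return FAKE_DNS.get(host)


def is_public_http_url(url, resolver=resolve_host):
    """The pre-request check an SSRF fix typically adds: http(s) only, and the
    host (IP literal or resolved name) must be a globally routable address."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        ip = ipaddress.ip_address(parts.hostname)  # IP literal in the URL
    except ValueError:
        addr = resolver(parts.hostname)
        if addr is None:
            return False
        ip = ipaddress.ip_address(addr)
    # False for RFC 1918, loopback, link-local (169.254.x.x) and other reserved ranges
    return ip.is_global


def naive_fetch(url, get=fake_get, max_hops=5):
    """Vulnerable pattern: check the host once, then follow redirects blindly,
    which is what allow_redirects=True does inside requests.
    Returns (status, body, list of URLs actually requested)."""
    if not is_public_http_url(url):
        raise ValueError(f"refusing to request non-public URL: {url}")
    visited = [url]
    status, headers, body = get(url)
    while status in REDIRECT_CODES and len(visited) <= max_hops:
        url = urljoin(url, headers["Location"])  # new host is never re-checked
        visited.append(url)
        status, headers, body = get(url)
    return status, body, visited


def safe_fetch(url, get=fake_get, max_hops=5):
    """Hardened pattern: automatic redirects off, and the same host check is
    applied to every hop before that hop is requested."""
    visited = []
    for _ in range(max_hops + 1):
        if not is_public_http_url(url):
            raise ValueError(f"refusing to request non-public URL: {url}")
        visited.append(url)
        status, headers, body = get(url)
        if status not in REDIRECT_CODES:
            return status, body, visited
        url = urljoin(url, headers["Location"])
    raise ValueError("too many redirects")


if __name__ == "__main__":
    target = "https://mydomain.com/.well-known/assetlinks.json"
    print("naive requested:", naive_fetch(target)[2])
    try:
        safe_fetch(target)
    except ValueError as exc:
        print("safe:", exc)
```

With the real library the equivalent of `fake_get` is `requests.get(url, allow_redirects=False, timeout=...)`, after which `resp.is_redirect` and `resp.headers.get("Location")` drive the loop. One caveat the model above does not cover: the check resolves the name before the request is made, so a client that lets the HTTP library resolve the name again can be defeated by DNS rebinding between the check and the connect; pin the validated address or resolve once and connect to that.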
OSV · 2025-06-27 · HIGH (same advisory text as the GHSA entry above)
OSV · 2024-12-03 · CVSS 7.5 · HIGH (same description as the NVD text above)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.