Keeping MobSF updated to the latest version is essential for ensuring security and stability.
Please report all security issues here or email ajin25(gmail). We believe in coordinated and responsible disclosure.
Vulnerability | Affected Versions |
---|---|
Stored Cross-Site Scripting Vulnerability in Recent Scans "Diff or Compare" | <=4.2.8 |
Zip Slip Vulnerability in .a extraction | <=4.0.6 |
Open Redirect in Login redirect | <=4.0.4 |
SSRF in Firebase database check | <=3.9.7 |
SSRF in AppLink check via abusing url redirect | <=3.9.6 |
SSRF in AppLink check via crafted android:host | <=3.9.5 |
Arbitrary Local file read in APK icon resource | >=1.0.4, <=3.9.2 |
Remote Code Execution via arbitrary file overwrite vulnerability in apktool <2.9.2, [CVE-2024-21633] | <=3.9.1 |
Arbitrary Local file read regression | <3.0.0 |
Uploading a malicious zip file can overwrite arbitrary files | >=0.9.3.2, <=0.9.4.1 |
Arbitrary Local file read | <=0.9.2 |