Security: MobSF/Mobile-Security-Framework-MobSF

.github/SECURITY.md

Security Policy

Keeping MobSF updated to the latest version is essential for ensuring security and stability.

Reporting a Vulnerability

Please report all security issues here or email ajin25(gmail). We believe in coordinated and responsible disclosure.

Past Security Issues

| Vulnerability | Affected Versions |
| --- | --- |
| Stored Cross-Site Scripting Vulnerability in Recent Scans "Diff or Compare" | <=4.2.8 |
| Zip Slip Vulnerability in .a extraction | <=4.0.6 |
| Open Redirect in Login redirect | <=4.0.4 |
| SSRF in firebase database check | <=3.9.7 |
| SSRF in AppLink check via abusing url redirect | <=3.9.6 |
| SSRF in AppLink check via crafted android:host | <=3.9.5 |
| Arbitrary Local file read in APK icon resource | >=1.0.4, <=3.9.2 |
| Remote Code Execution via arbitrary file overwrite vulnerability in apktool <2.9.2, [CVE-2024-21633] | <=3.9.1 |
| Arbitrary Local file read regression | <3.0.0 |
| Uploading a malicious zip file can overwrite arbitrary files | >=0.9.3.2, <=0.9.4.1 |
| Arbitrary Local file read | <=0.9.2 |