Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check

GHSA-wpff-wm84-x5cx · CVE-2024-31215

Published Apr 4, 2024 · Modified Jun 30, 2025

Description

Impact

What kind of vulnerability is it? Who is impacted?
SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When malicious app is uploaded to Static analyzer, it is possible to make internal requests.

Credits: Oleg Surnin (Positive Technologies).

Patches

Has the problem been patched? What versions should users upgrade to?
v3.9.8 and above

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?
Code level patch

References

Are there any links users can visit to find out more?
https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2373

References

WEB https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wpff-wm84-x5cx
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-31215
WEB https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2373
WEB https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/43bb71d115d78c03faa82d75445dd908e9b32716
PACKAGE https://github.com/MobSF/Mobile-Security-Framework-MobSF

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes