{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T09:52:06.198","vulnerabilities":[{"cve":{"id":"CVE-2024-31215","sourceIdentifier":"security-advisories@github.com","published":"2024-04-04T16:15:09.787","lastModified":"2025-06-30T13:04:19.583","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile.\nA SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When a malicious app is uploaded to Static analyzer, it is possible to make internal requests. This vulnerability has been patched in version 3.9.8.\n"},{"lang":"es","value":"Mobile Security Framework (MobSF) es una plataforma de investigación de seguridad para aplicaciones móviles en Android, iOS y Windows Mobile. Una vulnerabilidad SSRF en la lógica de verificación de la base de datos de Firebase. El atacante puede hacer que el servidor establezca una conexión con servicios exclusivamente internos dentro de la infraestructura de la organización. Cuando se carga una aplicación maliciosa en el analizador estático, es posible realizar solicitudes internas. Esta vulnerabilidad ha sido parcheada en la versión 3.9.8."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*","versionEndExcluding":"3.9.8","matchCriteriaId":"66D2235C-C828-4EEB-8D92-B0F1CDF83F24"}]}]}],"references":[{"url":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/43bb71d115d78c03faa82d75445dd908e9b32716","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2373","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wpff-wm84-x5cx","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/43bb71d115d78c03faa82d75445dd908e9b32716","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/2373","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wpff-wm84-x5cx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}