Home > Vulnerability Database > CVE-2024-43399

Mend.io Vulnerability Database

CVE-2024-43399

Good to know:

Date: August 19, 2024

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the vulnerability allows an attacker to extract files to any desired location within the server running MobSF. This vulnerability is fixed in 4.0.7.

Language: Python

Severity Score

8.0

Related Resources (5)

Url: https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/cc625fe8430f3437a473e82aa2966d100a4dc883

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-43399

Url: https://github.com/MobSF/Mobile-Security-Framework-MobSF

Url: https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-4hh3-vj32-gr6j

Url: https://www.mend.io/vulnerability-database/CVE-2024-43399

Severity Score

8.0

Weakness Type (CWE)

Path Traversal

CWE-22

Relative Path Traversal

CWE-23

CVSS v3.1

Base Score:	8.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-43399

Good to know:

Date: August 19, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?