Lucene search
GoogleOSV:CVE-2022-41547HistoryOct 18, 2022 - 3:15 p.m.
CVE-2022-41547
2022-10-1815:15:10
Google
osv.dev
3
mobile security framework
lfi vulnerability
staticanalyzer/views.py
http request
arbitrary files
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
65.1%
Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request.
Related
cve
cve
CVE-2022-41547
2022-10-18 15:15:10
prion
prion
Cross site request forgery (csrf)
2022-10-18 15:15:00
nvd
nvd
CVE-2022-41547
2022-10-18 15:15:10
cvelist
cvelist
CVE-2022-41547
2022-10-18 00:00:00
osv
osv
MobSF allows attackers to read arbitrary files via a crafted HTTP request
2022-10-18 19:00:33
github
github
MobSF allows attackers to read arbitrary files via a crafted HTTP request
2022-10-18 19:00:33
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
65.1%
Related for OSV:CVE-2022-41547