GHSA-M435-9V6R-V5F6 MobSF vulnerability allows SSRF due to the allow_redirects=True parameter
Summary The fix for the "SSRF Vulnerability on assetlinkscheckactname, wellknowns" vulnerability could potentially be bypassed. Details Since the requests.get request in the checkurl method is specified as allowredirects=True, if "https://mydomain.com/.well-known/assetlinks.json" returns a 302...