Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-3508

Опубликовано: 09 апр. 2024
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Trusted Profile AnalyzerSBOM-Management-(Bombastic)Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2274109bzip2: Compressed Content Bomb Leads to Denial of Service of Bombastic API

EPSS

Процентиль: 25%
0.00085
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2024-3508

CVSS3: 4.3
nvd
почти 2 года назад

A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed.

github логотип

GHSA-r894-pxpx-j3m6

CVSS3: 4.3
github
почти 2 года назад

A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed.

EPSS

Процентиль: 25%
0.00085
Низкий

4.3 Medium

CVSS3