CVE-2024-3508
Bzip2: compressed content bomb leads to denial of service of bombastic api
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
25 abr 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →