CVE-2024-3508

EPSS 0.09%
Veröffentlicht 25.04.2024 18:15:09
Zuletzt bearbeitet 18.06.2025 19:28:13
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Trusted Profile Analyzer Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.256

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://access.redhat.com/security/cve/CVE-2024-3508

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2274109

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-3508

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3508

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3508

EUVD