Filtered by vendor Redhat Subscriptions
Filtered by product Trusted Profile Analyzer Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-3508 1 Redhat 1 Trusted Profile Analyzer 2024-11-21 4.3 Medium
A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed.
CVE-2024-39249 1 Redhat 2 Advanced Cluster Security, Trusted Profile Analyzer 2024-11-21 7.5 High
Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input.
CVE-2024-45590 3 Expressjs, Openjsf, Redhat 8 Body-parser, Body-parser, Advanced Cluster Security and 5 more 2024-09-20 7.5 High
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.
CVE-2024-45296 2 Pillarjs, Redhat 10 Path-to-regexp, Ansible Automation Platform, Logging and 7 more 2024-09-10 7.5 High
path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.