A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-25T17:46:21.762Z
Updated: 2024-08-20T17:43:10.724Z
Reserved: 2024-04-09T08:03:26.957Z
Link: CVE-2024-3508
Vulnrichment
Updated: 2024-08-01T20:12:07.548Z
NVD
Status : Awaiting Analysis
Published: 2024-04-25T18:15:09.567
Modified: 2024-07-03T02:06:18.367
Link: CVE-2024-3508
Redhat