4 matches found
CVE-2024-3187
This issue tracks two CWE-416 Use After Free UAF and one CWE-415 Double Free vulnerabilities in Goahead versions = 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the MEGOAHEADJAVASCRIPT flag is enabled, a remote attacker with the privileges t...
CVE-2024-3187
This issue tracks two CWE-416 Use After Free UAF and one CWE-415 Double Free vulnerabilities in Goahead versions = 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the MEGOAHEADJAVASCRIPT flag is enabled, a remote attacker with the privileges t...
CVE-2024-3187
This issue tracks two CWE-416 Use After Free UAF and one CWE-415 Double Free vulnerabilities in Goahead versions = 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the MEGOAHEADJAVASCRIPT flag is enabled, a remote attacker with the privileges t...
CVE-2024-3187
CVE-2024-3187 affects Embedthis GoAhead up to version 6.0.0. The issue stems from JST template parsing where JST values aren’t nulled when freed, causing two Use-After-Free (CWE-416) and one Double-Free (CWE-415) vulnerabilities. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker who...