Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:46 a.m.10 views

CVE-2024-3187

This issue tracks two CWE-416 Use After Free UAF and one CWE-415 Double Free vulnerabilities in Goahead versions = 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the MEGOAHEADJAVASCRIPT flag is enabled, a remote attacker with the privileges t...

5.9CVSS7.3AI score0.00478EPSS
Exploits0References1
NVD
NVD
added 2024/10/17 8:15 a.m.18 views

CVE-2024-3187

This issue tracks two CWE-416 Use After Free UAF and one CWE-415 Double Free vulnerabilities in Goahead versions = 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the MEGOAHEADJAVASCRIPT flag is enabled, a remote attacker with the privileges t...

5.9CVSS0.00478EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/17 7:34 a.m.9 views

CVE-2024-3187

This issue tracks two CWE-416 Use After Free UAF and one CWE-415 Double Free vulnerabilities in Goahead versions = 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the MEGOAHEADJAVASCRIPT flag is enabled, a remote attacker with the privileges t...

5.9CVSS7.2AI score0.00478EPSS
Exploits0References1
CVE
CVE
added 2024/10/17 7:34 a.m.57 views

CVE-2024-3187

CVE-2024-3187 affects Embedthis GoAhead up to version 6.0.0. The issue stems from JST template parsing where JST values aren’t nulled when freed, causing two Use-After-Free (CWE-416) and one Double-Free (CWE-415) vulnerabilities. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker who...

5.9CVSS7.2AI score0.00478EPSS
Exploits0References1
Rows per page
Query Builder