7 matches found

NVD
added 2024/04/25 6:15 p.m. · 10 views

CVE-2024-3508

A flaw was found in Bombastic, which allows authenticated users to upload compressed bzip2 or zstd SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed...

CVSS 4.3 · AI score 4.4 · EPSS 0.00491
Exploits 0 · References 2

Cvelist
added 2024/04/25 5:46 p.m. · 24 views

CVE-2024-3508 Bzip2: compressed content bomb leads to denial of service of bombastic api

A flaw was found in Bombastic, which allows authenticated users to upload compressed bzip2 or zstd SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed...

CVSS 4.3 · AI score 4.7 · EPSS 0.00491
Exploits 0 · References 2

Positive Technologies
added 2024/04/25 12:00 a.m. · 3 views

PT-2024-26308 · Bombastic · Bombastic

Name of the Vulnerable Software and Affected Versions: Bombastic, affected versions not specified. Description: A flaw was found in Bombastic, allowing authenticated users to upload compressed bzip2 or zstd SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To...

CVSS 4.3 · AI score 4.3 · EPSS 0.00491
Exploits 0 · References 5

RedhatCVE
added 2024/04/09 8:21 a.m. · 84 views

CVE-2024-3508

A flaw was found in Bombastic, which allows authenticated users to upload compressed bzip2 or zstd SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed...

CVSS 4.3 · AI score 6.9 · EPSS 0.00491
Exploits 0 · References 3

Prion
added 2023/02/07 1:15 a.m. · 17 views

Design/Logic Flaw

syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFT_ATTEST_PASSWORD environment variable. The...

CVSS 5 · AI score 7.5 · EPSS 0.00791
Exploits 1 · References 2 · Affected Software 1

Kitploit
added 2022/01/19 11:30 a.m. · 53 views

Pip-Audit - Audits Python Environments And Dependency Trees For Known Vulnerabilities

pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-db) via the PyPI JSON API as a source of vulnerability reports. This project is developed by Trail of Bits with support from...

CVSS 7.5 · AI score 8.3 · EPSS 0.03855
Exploits 1 · References 5

ThreatPost
added 2021/10/13 1:22 p.m. · 36 views

Mandating a Zero-Trust Approach for Software Supply Chains

In the wake of the SolarWinds attack last year, President Biden issued an executive order in May advocating for mandatory software bills of materials, or SBOMs, to increase software transparency and counter supply-chain attacks. For reference, SBOMs are machine-readable documents that provide a...

AI score 7.4
Exploits 0 · References 7