7 matches found
CVE-2024-3508
A flaw was found in Bombastic, which allows authenticated users to upload compressed bzip2 or zstd SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed...
CVE-2024-3508 Bzip2: compressed content bomb leads to denial of service of bombastic api
A flaw was found in Bombastic, which allows authenticated users to upload compressed bzip2 or zstd SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed...
PT-2024-26308 · Bombastic · Bombastic
Name of the Vulnerable Software and Affected Versions: Bombastic affected versions not specified Description: A flaw was found in Bombastic, allowing authenticated users to upload compressed bzip2 or zstd SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To...
CVE-2024-3508
A flaw was found in Bombastic, which allows authenticated users to upload compressed bzip2 or zstd SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed...
Design/Logic Flaw
syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFTATTESTPASSWORD environment variable. The...
Pip-Audit - Audits Python Environments And Dependency Trees For Known Vulnerabilities
pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database https://github.com/pypa/advisory-db via the PyPI JSON API as a source of vulnerability reports. This project is developed by Trail of Bits with support from...
Mandating a Zero-Trust Approach for Software Supply Chains
In the wake of the SolarWinds attack last year, President Biden issued an executive order in May advocating for mandatory software bills of materials, or SBOMs, to increase software transparency and counter supply-chain attacks. For reference, SBOMs are machine-readable documents that provide a...