CVE-2024-3508
CVE-2024-3508 concerns Bombastic: authenticated users can upload compressed (bzip2 or zstd) SBOMs via the API, with verification that requires decompression of the uploaded file first. The vulnerability centers on the upload endpoint and its handling of compressed content, enabling a partial impa...