Description

This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent.

INFO

Published Date :

2024-10-17T07:34:50.960Z

Last Modified :

2024-10-17T14:40:42.458Z

Source :

Nozomi
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3187 vulnerability.

Vendors Products
Embedthis
  • Goahead
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-3187.

URL Resource
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-3187 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact