Description

A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed.

INFO

Published Date :

2024-04-25T17:46:21.762Z

Last Modified :

2025-11-20T19:02:23.754Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3508 vulnerability.

Vendors Products
Redhat
  • Trusted Profile Analyzer

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact