CVSS: 5.5EPSS: 0%CPEs: 46EXPL: 0CVE-2024-11831 – Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript
https://notcve.org/view.php?id=CVE-2024-11831
10 Feb 2025 — A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web applicatio... • https://access.redhat.com/security/cve/CVE-2024-11831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3508 – Bzip2: compressed content bomb leads to denial of service of bombastic api
https://notcve.org/view.php?id=CVE-2024-3508
25 Apr 2024 — A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed. Se encontró una falla en Bombastic, que permite a los usuarios autenticados cargar SBOM comprimidos (bzip2 o zstd). El endpoint de API verifica la presencia de algunos campos y valores en el JSON. • https://access.redhat.com/security/cve/CVE-2024-3508 • CWE-400: Uncontrolled Resource Consumption CWE-434: Unrestricted Upload of File with Dangerous Type •