VYPR

Goahead

by Nozominetworks

CVEs (1)

  • CVE-2024-3187MedOct 17, 2024
    risk 0.38cvss 5.9epss 0.00

    This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote…