Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Vulnerability Type
释放后使用
Vulnerability Title
Embedthis Software GoAhead 资源管理错误漏洞
Vulnerability Description
Embedthis Software GoAhead是美国Embedthis Software公司的一个开源的小型嵌入式 Web 服务器。 Embedthis Software GoAhead 6.0.0及之前版本存在资源管理错误漏洞,该漏洞源于在解析JST模板期间释放JST值时未将其清空,可能导致拒绝服务或在极少数情况下导致代码执行。
CVSS Information
N/A
Vulnerability Type
N/A