CVE-2024-3186

Name of the Vulnerable Software and Affected Versions GoAhead Web Server versions prior to 6.0.1

Description A NULL Pointer Dereference issue exists in the evalExpr() function of GoAhead Web Server when compiled with the ME GOAHEAD JAVASCRIPT flag. This allows a remote attacker with privileges to modify JavaScript template files to trigger a crash, causing a Denial of Service (DoS) by providing malicious templates.

Recommendations For GoAhead Web Server versions prior to 6.0.1, consider disabling the evalExpr() function or restricting access to JavaScript template files until a patch is available. As a temporary workaround, avoid using the ME GOAHEAD JAVASCRIPT flag to minimize the risk of exploitation.