PT-2024-24257 · Goahead · Goahead

Diego Zaffaroni · Published 2024-10-17 · Updated 2026-03-18 · CVE-2024-3187

CVSS v3.1: 5.9 Medium

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions

Goahead versions <= 6.0.0

Description

This issue involves two Use After Free (UAF) and one Double Free vulnerabilities. These vulnerabilities are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution.

Recommendations

For Goahead versions <= 6.0.0, consider disabling the ME_GOAHEAD_JAVASCRIPT flag to prevent exploitation until a patch is available. Restrict access to JST files to minimize the risk of malicious template modifications. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
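
Both recommendations can be checked on a deployed host. The script below is an added example, not code from Goahead or from this advisory. It assumes the build configuration is a C header that sets the flag with a `#define ME_GOAHEAD_JAVASCRIPT` line and that templates use the `.jst` suffix; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a host for the two mitigations named in the advisory.
# Assumptions (not from the advisory): the build configuration is a C header
# with a "#define ME_GOAHEAD_JAVASCRIPT <0|1>" line, and templates end in .jst.

# Return 0 if the header enables ME_GOAHEAD_JAVASCRIPT, 1 if the flag is
# disabled or not defined, 2 if the header cannot be read.
jst_flag_enabled() {
    header=$1
    [ -r "$header" ] || return 2
    # Extract the numeric value of the last matching define; indentation
    # before and after '#' is tolerated.
    value=$(sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}ME_GOAHEAD_JAVASCRIPT[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$header" | tail -n 1)
    [ -n "$value" ] && [ "$value" -ne 0 ]
}

# Print every .jst file, and every directory, under the document root that is
# group- or world-writable. A writable directory matters as much as a writable
# file, because it lets a non-owner replace a template.
loose_template_paths() {
    find "$1" \( -type f -name '*.jst' -o -type d \) \
        \( -perm -0020 -o -perm -0002 \) -print
}

# Usage: sh audit.sh <config-header> <document-root>
if [ "$#" -eq 2 ]; then
    if jst_flag_enabled "$1"; then
        echo "ME_GOAHEAD_JAVASCRIPT is enabled in $1: JST parsing is reachable"
    else
        echo "ME_GOAHEAD_JAVASCRIPT is not enabled in $1 (or header unreadable)"
    fi
    loose=$(loose_template_paths "$2")
    if [ -n "$loose" ]; then
        echo "Writable by group or others:"
        echo "$loose"
    else
        echo "No group- or world-writable templates or directories under $2"
    fi
fi
```

The header check reflects the build it was generated for, so run it against the configuration used for the binary that is actually deployed.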

Use After Free

Double Free

Weakness Enumeration

Related Identifiers: CVE-2024-3187

Affected Products: Goahead