CVE-2024-9358

Name of the Vulnerable Software and Affected Versions ThingsBoard versions up to 3.7.0

Description A vulnerability has been found in the HTTP RPC API component of ThingsBoard, which can lead to resource consumption. The attack can be launched remotely, but the complexity of an attack is rather high and the exploitation appears to be difficult. The issue is classified as problematic and affects an unknown functionality of the component.

Recommendations For versions up to 3.7.0, upgrade to version 3.7.1 to address this issue. As a temporary workaround, consider restricting access to the HTTP RPC API component until the upgrade is applied.