CVE-2024-24753 Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2

Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...

Bref Resource Management Error Vulnerability

Bref is an open source project by Matthieu Napoli Individual Developer that helps you go serverless on AWS using PHP. A resource management error vulnerability exists in versions prior to Bref 2.1.13 that stems from not deleting temporary files after processing a request...

PT-2024-20530 · Bref · Bref

Name of the Vulnerable Software and Affected Versions: Bref versions prior to 2.1.13 Description: The issue arises when Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface. In this scenario, the Lambda event is converted to a PSR7 object. During the...

Bref Security Breach

Bref is an open source project by Matthieu Napoli Individual Developer that helps you go serverless on AWS using PHP. A security vulnerability exists in versions prior to Bref 2.1.13 that stems from not handling multiple value headers when Bref is used in conjunction with a v2-formatted API gatew...