392 matches found
CVE-2025-3048
After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) that includes symlinks, the content of those symlinks is copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outsid...
CVE-2025-3048 Path Traversal in AWS SAM CLI allows file copy to local cache
After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) that includes symlinks, the content of those symlinks is copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outsid...
CVE-2025-3048
CVE-2025-3048 concerns AWS SAM CLI. When building with Docker (--use-container) and symlinks are included, the content of those symlinks can be copied into the SAM CLI cache as regular files/directories, potentially exposing privileged host files to users within the local workspace. This affects ...
CVE-2025-3047
CVE-2025-3047 affects the AWS SAM CLI when building with Docker in the local workspace. The issue arises from symlinks in build files, enabling a user to access privileged host files through the container’s elevated permissions. Impact is limited to local workspaces using container builds and doe...
AWS SAM CLI Security Vulnerability
AWS SAM CLI is an Amazon Web Services open source CLI tool for building, testing, debugging and deploying serverless applications using AWS SAM. A security vulnerability exists in AWS SAM CLI that stems from a symbolic link that could lead to access to host privileged files...
CVE-2024-32980
Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header...
CVE-2025-23045
CVE-2025-23045 affects Computer Vision Annotation Tool (CVAT). An attacker with an account on an affected CVAT instance can execute arbitrary code in the Nuclio function container via serverless tracker functions (TransT and SiamMask); deployments with custom tracker functions may also be affecte...
Computer Vision Annotation Tool Code Issue Vulnerability
Computer Vision Annotation Tool (CVAT) is a cvat.ai open source interactive video and image annotation tool for computer vision. A code issue vulnerability exists in Computer Vision Annotation Tool that originates when running certain types of serverless functions, which could allow an attacker to...
Moderate: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.35.0 security update & enhancements
Release of OpenShift Serverless Logic 1.35.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
The Benefits of Serverless Computing Architecture
...
The Future of Serverless Security in 2025: From Logs to Runtime Protection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around...
RHEL 8 : Red Hat OpenShift Serverless Client kn 1.12.0 (Moderate) (RHSA-2021:0145)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0145 advisory. Red Hat OpenShift Serverless Client kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux...
RHEL 8 : Release of OpenShift Serverless Client kn 1.16.0 (Moderate) (RHSA-2021:2704)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2704 advisory. Red Hat OpenShift Serverless Client kn 1.16.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.16.0. The kn CLI is delivered a...
Expanding Wiz Runtime Sensor Coverage - Now Blocking Threats and Protecting Serverless Containers at Runtime
Wiz extends its cloud-native runtime sensor to secure serverless containers, providing deep visibility, blocking, and hunting capabilities for AWS Fargate and Azure Container Apps...
Wiz Expands Runtime Protection to Serverless Containers
Wiz extends its cloud-native runtime sensor to secure serverless containers, providing deep visibility, blocking, and hunting capabilities for AWS Fargate and Azure Container Apps...
Important: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.34.0 security update & enhancements
Release of OpenShift Serverless Logic 1.34.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
@0xc/serverless-offline-aws-sqs (>=1.0.0 <=2.0.3), @1eg/cert-manager-to-azion (>=0.0.1 <=0.2.0) +2899 more potentially affected by CVE-2024-21534 via jsonpath-plus (>=0.12.0 <=10.1.0)
jsonpath-plus NPM version =0.12.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1-alpha, =0.4.0-next.10, =0.7.0, =0.0.1, =1.0.0, =1.0.98-alpha.0, =1.3.65-alpha.0, =1.27.0, =0.0.1, =1.0.0-atomist-update-latest-1544450968007.20181210141037, =1.0.0-atomist-update-latest-1544451015596.20181210141150,...
Qualys VMDR Rated as the Only Leader and Outperformer by Independent Analyst Firm for the Second Consecutive Year
Qualys VMDR received the highest possible scores for risk-based assessment, cloud-native and serverless function scanning, and flexibility of deployment, among 20 vendors evaluated in this report. As the threat landscape evolves, vulnerability management remains a cornerstone of security...
RHSA-2023:6298 Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.30.2 security update
Bulletin has no description...