392 matches found

Tenable Nessus
added 2024/04/28 12:0 a.m., 27 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.26.0 (Low) (RHSA-2022:8932)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8932 advisory. Red Hat OpenShift Serverless Client kn 1.26.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.26.0. The kn CLI is delivered as an RPM...

CVSS 7.5 | AI score 7.6 | EPSS 0.00089
Exploits: 0 | References: 10

Tenable Nessus
added 2024/04/28 12:0 a.m., 32 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.20.0 (Moderate) (RHSA-2022:0432)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0432 advisory. Red Hat OpenShift Serverless Client kn 1.20.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.20.0. The kn CLI is delivered a...

CVSS 9.8 | AI score 7.2 | EPSS 0.10629
Exploits: 2 | References: 14

Tenable Nessus
added 2024/04/28 12:0 a.m., 33 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.22.1 (Moderate) (RHSA-2022:4860)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:4860 advisory. The Red Hat OpenShift Serverless Client kn 1.22.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.22.1. The kn CLI is deliver...

CVSS 9.1 | AI score 8.2 | EPSS 0.00118
Exploits: 0 | References: 14

Tenable Nessus
added 2024/04/28 12:0 a.m., 30 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.17.0 (Moderate) (RHSA-2021:3555)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3555 advisory. Red Hat OpenShift Serverless Client kn 1.17.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.17.0. The kn CLI is delivered a...

CVSS 7.5 | AI score 7.2 | EPSS 0.00917
Exploits: 5 | References: 20

Tenable Nessus
added 2024/04/28 12:0 a.m., 19 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.27.1 (Moderate) (RHSA-2023:1179)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1179 advisory. Red Hat OpenShift Serverless Client kn 1.27.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.27.1. The kn CLI is delivered as an RPM...

CVSS 5.3 | AI score 7.1 | EPSS 0.00331
Exploits: 0 | References: 9

Tenable Nessus
added 2024/04/28 12:0 a.m., 18 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.24.0 (Important) (RHSA-2022:6042)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6042 advisory. Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered a...

CVSS 9.3 | AI score 7.5 | EPSS 0.00963
Exploits: 6 | References: 38

Tenable Nessus
added 2024/04/28 12:0 a.m., 43 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.31.1 (RHSA-2024:0880)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0880 advisory. Red Hat OpenShift Serverless Client kn 1.31.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.31.1. The kn CLI is delivered a...

CVSS 9.8 | AI score 7.3 | EPSS 0.52998
Exploits: 4 | References: 12

Tenable Nessus
added 2024/04/28 12:0 a.m., 30 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.14.0 (RHSA-2021:1339)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1339 advisory. Red Hat OpenShift Serverless Client kn 1.14.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.14.0. The kn CLI is delivered a...

CVSS 7.5 | AI score 8 | EPSS 0.00137
Exploits: 0 | References: 10

Tenable Nessus
added 2024/04/28 12:0 a.m., 24 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.19.0 (Moderate) (RHSA-2021:4765)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:4765 advisory. Red Hat OpenShift Serverless Client kn 1.19.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.19.0. The kn CLI is delivered as an RPM...

CVSS 5.9 | AI score 7.4 | EPSS 0.00231
Exploits: 0 | References: 10

Tenable Nessus
added 2024/04/28 12:0 a.m., 28 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.21.1 (Low) (RHSA-2022:1291)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:1291 advisory. Red Hat OpenShift Serverless Client kn 1.21.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.21.1. The kn CLI is delivered as an RPM...

CVSS 9.8 | AI score 9.1 | EPSS 0.94462
Exploits: 36 | References: 11

Tenable Nessus
added 2024/04/28 12:0 a.m., 25 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.30.1 (RHSA-2023:5479)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:5479 advisory. Red Hat OpenShift Serverless Client kn 1.30.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.30.1. The kn CLI is delivered as an RPM...

CVSS 8.1 | AI score 7.7 | EPSS 0.00455
Exploits: 1 | References: 9

Tenable Nessus
added 2024/04/28 12:0 a.m., 26 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.22.0 (Low) (RHSA-2022:1745)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1745 advisory. Red Hat OpenShift Serverless Client kn 1.22.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.22.0. The kn CLI is delivered a...

CVSS 7.5 | AI score 7.2 | EPSS 0.00868
Exploits: 0 | References: 12

Veracode
added 2024/03/27 8:25 a.m., 16 views

Serverless Billing Attack

bref/bref is vulnerable to Serverless Billing Attack. The vulnerability is due to slow multi-byte string operations performed on the Content-Type header values in the Riverline/multipart-parser library used by Bref. It allows an attacker to send specially crafted requests, causing long operations...

CVSS 5.3 | AI score 6.7 | EPSS 0.00117
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2024/03/22 5:7 p.m., 13 views

CVE-2024-29186 Slow String Operations via MultiPart Requests in Event-Driven Functions

Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...

CVSS 5.3 | AI score 5.4 | EPSS 0.00117
Exploits: 1 | References: 2

OSV
added 2024/03/22 5:7 p.m., 21 views

CVE-2024-29186 Slow String Operations via MultiPart Requests in Event-Driven Functions

Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...

CVSS 5.3 | AI score 5.4 | EPSS 0.00117
Exploits: 1 | References: 4

GitHub Security Blog
added 2024/03/22 4:57 p.m., 21 views

Slow String Operations via MultiPart Requests in Event-Driven Functions

Impacted Resources: bref/src/Event/Http/Psr7Bridge.php:94-125, multipart-parser/src/StreamedPart.php:383-418. Description: When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...

CVSS 5.3 | AI score 7 | EPSS 0.00117
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2024/03/22 12:0 a.m., 2 views

Bref Security Vulnerability

Bref is an open source project by individual developer Matthieu Napoli that helps you go serverless on AWS using PHP. A security vulnerability exists in versions prior to Bref 2.1.17, which stems from the fact that an attacker can send specially designed requests that force the server to perform...

CVSS 5.3 | AI score 5.5 | EPSS 0.00117
Exploits: 1 | References: 3

RedHat Linux
added 2024/03/14 3:6 p.m., 45 views

Moderate: Red Hat Security Advisory: Release of OpenShift Serverless 1.32.0

Red Hat OpenShift Serverless version 1.32.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

CVSS 7.5 | AI score 6.8 | EPSS 0.00137
Exploits: 0 | References: 5

RedHat Linux
added 2024/02/20 11:6 a.m., 60 views

Critical: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.31.1 security update

Red Hat OpenShift Serverless 1.31.1 is now available. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in th...

CVSS 9.8 | AI score 7.1 | EPSS 0.52998
Exploits: 4 | References: 6

RedHat Linux
added 2024/02/15 12:55 p.m., 28 views

Critical: Red Hat Security Advisory: Release of OpenShift Serverless 1.31.1

Red Hat OpenShift Serverless version 1.31.1 is now available. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

CVSS 9.8 | AI score 7.1 | EPSS 0.52998
Exploits: 4 | References: 7