92 matches found
This Week in Spring - July 9th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's been! We've got a lot to get into, so let's dive right in. I quite liked this talk, Continuations: The magic behind virtual threads in Java by Balkrishna Rawool @ Spring I/O 2024 In last week's episode of...
Malicious code in Be.Vlaaոderen.Basisrеgistеrs.Aws.Lаmbda (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Slow String Operations via MultiPart Requests in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 multipart-parser/src/StreamedPart.php:383-418 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
CVE-2024-24753
Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...
CVE-2024-24754
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...
CVE-2024-24752
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...
Design/Logic Flaw
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...
Design/Logic Flaw
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...
Design/Logic Flaw
Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...
CVE-2024-24754 Bref Body Parsing Inconsistency in Event-Driven Functions
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...
CVE-2024-24754 Bref Body Parsing Inconsistency in Event-Driven Functions
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...
CVE-2024-24754
Summary: The CVE concerns Bref running PHP on AWS Lambda with the Event-Driven Function runtime. When the Lambda event is converted to a PSR-7 request, multipart form data parts are parsed into nested arrays; specifically, keys ending with an open bracket (for example key0[key1][key2][) are treat...
CVE-2024-24754 Bref Body Parsing Inconsistency in Event-Driven Functions
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...
CVE-2024-24752 Bref Uploaded Files Not Deleted in Event-Driven Functions
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...
CVE-2024-24752 Bref Uploaded Files Not Deleted in Event-Driven Functions
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...
CVE-2024-24752 Bref Uploaded Files Not Deleted in Event-Driven Functions
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...
CVE-2024-24753 Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2
Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...
CVE-2024-24753 Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2
Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...
Malicious code in devportal-aws-lambda (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 586c4231b2500b2299bb0a25b45ebdeaec062531b446c12f7547ab351c1b616a The OpenSSF Package Analysis project identified 'devportal-aws-lambda' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...
Risk Fact #4: Malware in your Cloud means Exploitation is underway
Qualys Blog Series – 2023 TotalCloud Security Insights by the Threat Research Unit The 2023 TotalCloud Security Insights report from the Qualys Threat Research Unit TRU provides research insights, best practices, and detailed recommendations organized by five separate Risk Facts. The insights wil...