92 matches found
CVE-2019-10777
CVE-2019-10777 affects aws-lambda prior to v1.0.5. The vulnerability arises because config.FunctioName is used to assemble the argument for exec without sanitization, enabling an attacker to inject arbitrary commands into the zipCmd executed via config.FunctionName. Impact ranges from partial to ...
Command Injection
Overview: aws-lambda is a command line tool to deploy code to AWS Lambda. Affected versions of this package are vulnerable to Command Injection. The config.FunctioName is used to construct the argument used within the exec function without any sanitization. It is possible for a user to inject arbitra...
Serverless ETLs? Easy Data Lake Transformations using AWS Athena
In a data lake raw data is added with little or no processing, allowing you to query it straight away. This gives you a great way to learn about your data - whether it represents a quick win or a fast fall. However, there are two disadvantages: performance and costs. If, for example you added CSV...
Taking Reputation to Scale: An Iterative Journey with an Agile Approach (Part 2)
In Part 1 of this blog, we shared with you the challenges we had in balancing latency, scalability, and cost for our reputation services. In this blog, we’ll give you some insights into each major iteration along that journey, from the beginning to where we are now. 100 requests per second. Befor...
Assess Vulnerabilities, Misconfigurations in AWS Golden AMI Pipelines
Today we’re starting a blog series focused on how to integrate Qualys solutions into DevSecOps for securing cloud infrastructures. In this initial post, we’ll discuss the importance of assessing vulnerabilities and misconfigurations on AWS pipelines. When developing golden Amazon Machine Images...
Anton Myshenin aws-lambda-multipart-parser NPM Packet Denial of Service Vulnerability
Anton Myshenin aws-lambda-multipart-parser NPM is a parser for handling multiple form data requests. A security vulnerability exists in the index.js file in the Anton Myshenin aws-lambda-multipart-parser NPM package prior to version 0.1.2. An attacker can exploit the vulnerability to cause a deni...
AWS Lambda parser is vulnerable to Regular Expression Denial of Service
index.js in the aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string...
GHSA-6JQP-J69Q-PM62 AWS Lambda parser is vulnerable to Regular Expression Denial of Service
index.js in the aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string...
Regular Expression Denial Of Service (ReDoS)
aws-lambda-multipart-parser is vulnerable to regular expression denial of service (ReDoS) attacks. These attacks are possible through a multipart/form-data boundary string and allow attackers to inject and execute arbitrary code...
CVE-2018-7560
index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string...
Conversations on Securing Microservices, API Gateways and Containers
Last month, I met James (name changed) while at AWS Summit in London. As I was managing Imperva's booth, he walked over to me with a query about what we do. A conversation ensued and James described his company for me. They were into financial-legal intermediation between underwriters, insurance...