Lucene search
+L

43 matches found

OSV
OSV
added 2024/02/01 8:53 p.m.74 views

GHSA-99F9-GV72-FW9R Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2

Impacted Resources bref/src/Event/Http/HttpResponse.php:61-90 Description When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. Precisely, if PHP generates a response with two headers having the same key but different values only the...

4.8CVSS6.7AI score0.00426EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/02/01 8:53 p.m.35 views

Bref's Uploaded Files Not Deleted in Event-Driven Functions

Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each...

6.5CVSS7.2AI score0.0075EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/02/01 8:53 p.m.20 views

GHSA-X4HH-FRX8-98R5 Bref's Uploaded Files Not Deleted in Event-Driven Functions

Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each...

6.5CVSS6.5AI score0.0075EPSS
Exploits1References5
NVD
NVD
added 2024/02/01 4:17 p.m.31 views

CVE-2024-24753

Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...

6.5CVSS5.5AI score0.00426EPSS
Exploits1References2
NVD
NVD
added 2024/02/01 4:17 p.m.47 views

CVE-2024-24754

Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...

9.8CVSS5.8AI score0.00618EPSS
Exploits1References2
Prion
Prion
added 2024/02/01 4:17 p.m.25 views

Design/Logic Flaw

Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...

7.5CVSS7.2AI score0.00618EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2024/02/01 4:17 p.m.23 views

Design/Logic Flaw

Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...

4CVSS7AI score0.0075EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2024/02/01 4:17 p.m.18 views

Design/Logic Flaw

Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...

6.4CVSS7.2AI score0.00426EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/01 4:10 p.m.14 views

CVE-2024-24754 Bref Body Parsing Inconsistency in Event-Driven Functions

Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...

3.7CVSS9.6AI score0.00618EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/02/01 4:10 p.m.51 views

CVE-2024-24754 Bref Body Parsing Inconsistency in Event-Driven Functions

Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...

3.7CVSS9.8AI score0.00618EPSS
Exploits1References2
CVE
CVE
added 2024/02/01 4:10 p.m.53 views

CVE-2024-24754

Summary: The CVE concerns Bref running PHP on AWS Lambda with the Event-Driven Function runtime. When the Lambda event is converted to a PSR-7 request, multipart form data parts are parsed into nested arrays; specifically, keys ending with an open bracket (for example key0[key1][key2][) are treat...

9.8CVSS9.5AI score0.00618EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/02/01 4:10 p.m.129 views

CVE-2024-24754 Bref Body Parsing Inconsistency in Event-Driven Functions

Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...

3.7CVSS9.2AI score0.00618EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/02/01 4:10 p.m.50 views

CVE-2024-24752 Bref Uploaded Files Not Deleted in Event-Driven Functions

Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...

6.5CVSS6.6AI score0.0075EPSS
Exploits1References2
CVE
CVE
added 2024/02/01 4:10 p.m.56 views

CVE-2024-24752

Bref CVE-2024-24752 affects AWS Lambda deployments using Bref with the Event-Driven Function runtime and a RequestHandlerInterface. During multipart handling, uploaded parts that are files are saved to /tmp with random names starting bref_upload_ and are not deleted after the request is processed...

6.5CVSS6.3AI score0.0075EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/02/01 4:10 p.m.117 views

CVE-2024-24752 Bref Uploaded Files Not Deleted in Event-Driven Functions

Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...

6.5CVSS6.4AI score0.0075EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/02/01 4:9 p.m.4 views

CVE-2024-24753 Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2

Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...

4.8CVSS5.7AI score0.00426EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/02/01 4:9 p.m.38 views

CVE-2024-24753 Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2

Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...

4.8CVSS6.7AI score0.00426EPSS
Exploits1References2
CVE
CVE
added 2024/02/01 4:9 p.m.77 views

CVE-2024-24753

CVE-2024-24753 concerns the Bref serverless PHP runtime on AWS Lambda. When used with API Gateway v2, Bref does not correctly handle multiple-value headers: if PHP emits two headers with the same name, only the last value is retained. This can undermine security policies that rely on multiple hea...

6.5CVSS6.4AI score0.00426EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/02/01 4:9 p.m.118 views

CVE-2024-24753 Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2

Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...

4.8CVSS6.5AI score0.00426EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/02/01 12:0 a.m.8 views

Bref Security Breach

Bref is an open source project by Matthieu Napoli Individual Developer that helps you go serverless on AWS using PHP. A security vulnerability exists in versions prior to Bref 2.1.13 that stems from not handling multiple value headers when Bref is used in conjunction with a v2-formatted API gatew...

6.5CVSS6.7AI score0.00426EPSS
Exploits1References3
Rows per page
Query Builder