35 matches found
MAL-2023-185 Malicious code in cloud-functions-apply-gce-sizing-recommendations (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff71f573ab0c75770c1eb1201e5e39139353eacb5afd6db5270d684e0bee416 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Spring Cloud Function SpEL Injection (CVE-2022-22963) Exploited in the Wild
Although Spring Cloud Functions are not as widespread as the Log4j library, and should provide a good separation from the hosting server, some draw the line between the two, due to the ease of exploitation over HTTP/s. This new vulnerability will definitely result in many threat actors launching...
Security Bulletin: IBM Cloud Functions web actions API endpoint change
Summary In order to improve the stability of the service and to prevent potential weaknesses in the services' web actions functionality we introduced a new IBM Cloud Functions API endpoint .functions.appdomain.cloud for web actions which use text/html response data. The previously used API endpoi...
Information Disclosure
apollo-server-cloud-functions is vulnerable to information disclosure. The vulnerability exists as ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...
Information Exposure
Overview Versions of apollo-server-cloud-functions prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, thei...
@hello10/jump-server (>=1.0.0 <=1.1.3) potentially affected by unknown CVE via apollo-server-cloud-functions (=2.13.0)
apollo-server-cloud-functions NPM version =2.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-server-cloud-functions and may be impacted: - @hello10/jump-server =1.0.0, =1.1.3 Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-XF37...
CVE-2020-11872
The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs...
CVE-2020-11872
The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs...
Session fixation
The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs...
CVE-2020-11872
The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs...
CVE-2020-11872
The CVE-2020-11872 entry concerns the Cloud Functions subsystem in OpenTrace 1.0. The vulnerability arises from fabrications possible by issuing billions of TempID requests before an AES-256-GCM key rotation, as described in the provided documents. The connected records consistently reference the...
Security Bulletin: IBM Cloud Functions is affected by a privilege escalation vulnerability in runc
Summary IBM Cloud Functions is affected by a security vulnerability in runc which could allow an attacker, authorized to run a process as root inside a container, to execute arbitrary commands with root privileges on the container’s host system. Vulnerability Details CVEID: CVE-2019-5736...
CLI for Ephemeral Penetration Testing: hideNsneak
This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls. hideNsneak provides a simple...
Security Bulletin: IBM Cloud Functions is affected by two function runtimevulnerabilities
Summary IBM Cloud Functions has addressed the following vulnerabilities. Users of the IBM Cloud Functions service that are using docker actions https://console.bluemix.net/docs/openwhisk/openwhiskactions.htmlcreating-docker-actions are affected but only if the user's function has a general securi...
IBM fixes flaw that let hackers replace its serverless code with their own
By Waqas This is the first publicly-disclosed vulnerability in a serverless platform. Experts at IBM The International Business Machines Corporation have patched a critical vulnerability in its Cloud Functions which if exploited could allow remote malicious hackers to replace company's serverless...