381 matches found
CVE-2024-24752
Bref enables serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, the Lambda event is converted to a PSR-7 object. During the conversion process, if the request is multipart, each part is parsed and for each whic...
CVE-2019-10777
In aws-lambda versions prior to version 1.0.5, the "config.FunctionName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands into the "zipCmd" used within "config.FunctionName"...
better-lambda-deploy (>=0.0.4 <=0.6.9), localambda (=0.0.1) +1 more potentially affected by CVE-2025-3048 via aws-sam-cli (>=0.17.0 <=1.12.0)
aws-sam-cli PYPI version =0.17.0, =0.0.4, =0.0.7, =0.0.12 Source cves: CVE-2025-3048 Source advisory: OSV:GHSA-PP64-WJ43-XQCR...
better-lambda-deploy (>=0.0.4 <=0.6.9), localambda (=0.0.1) +1 more potentially affected by CVE-2025-3047 via aws-sam-cli (>=0.17.0 <=1.12.0)
aws-sam-cli PYPI version =0.17.0, =0.0.4, =0.0.7, =0.0.12 Source cves: CVE-2025-3047 Source advisory: OSV:GHSA-PX37-JPQX-97Q9...
@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +387 more potentially affected by CVE-2024-12905 via tar-fs (>=0.1.8 <=1.16.3)
tar-fs NPM version =0.1.8, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.0.5, =1.1.2 - @elm-node/npm-scripts =1.0.0 - @hlsrules-test/fc-libreoffice =1.0.0 and more Source cves: CVE-2024-12905 Source advisory: OSV:GHSA-PQ67-2WWV-3X...
AWS VDP: A potential risk in aws-lambda-ecs-run-task which can be used for privilege escalation.
The aws-lambda-ecs-run-task application created a function with a role that had excessive permissions, including the AdministratorAccess policy. This allowed for potential privilege escalation by an attacker...
OPENSUSE-SU-2024:0384-1 Security update for zabbix
This update for zabbix fixes the following issues: Zabbix was updated to 6.0.33: - this version fixes CVE-2024-36461 and CVE-2024-22114 - New Features and Improvements + ZBXNEXT-9000 Changed query table for ASM disk group metrics in Oracle Database plugin and Oracle by ODBC template Agent Templat...
The Future of Serverless Security in 2025: From Logs to Runtime Protection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around...
CVE-2024-10125
The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcorevalidatetokensignature contains Middleware that can be used in conjunction with the Application Load Balancer ALB OpenId Connect integration and can be used in any ASP.NET...
CVE-2024-10125
CVE-2024-10125 concerns the Amazon.ApplicationLoadBalancer.Identity.AspNetCore middleware used with ALB OpenID Connect in ASP.NET Core deployments. The root cause is that JWT handling performs signature validation but fails to validate the JWT issuer and signer identity, enabling a signed token f...
MAL-2024-9551 Malicious code in client-lambda (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eaf50ae6ac4fef994c4e5f3095c453c17478c09407aa364dce4a46981ba9eefc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
LoadZilla LoadLogic security vulnerability
LoadZilla LoadLogic is an application from LoadZilla, Inc. A security vulnerability exists in LoadZilla LoadLogic v1.4.3. An attacker can exploit the vulnerability to execute arbitrary code via the LogicLoadEc2DeployLambda and CredsGenFunction functions...
better-lambda-deploy (>=0.0.4 <=0.6.9), tc-sam-cli (>=0.0.7 <=0.0.12) potentially affected by unknown CVE via aws-sam-cli (>=0.17.0 <=0.53.0)
aws-sam-cli PYPI version =0.17.0, =0.0.4, =0.0.7, =0.0.12 Source cves: unknown CVE Source advisory: OSV:GHSA-RJC6-VM4H-85CG...
Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign
A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications. "Multiple security missteps were present in the course of this campaign,...
AI/LLM Model File Contains Executable Code (Keras HFS5 .h5)
Binary data aimodelkerashfs5containsexecutablecode.nbin...
MAL-2024-7844 Malicious code in lambda-sns-dynatrace-sdk (npm)
This package runs commands in a pre-install script that exfiltrate sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6846e2cf86562a1515400ba129d4fef5beb818c3002079e8bdd09c9e86f00fc5 Any computer that has this package install...
This Week in Spring - July 9th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's been! We've got a lot to get into, so let's dive right in. I quite liked this talk, Continuations: The magic behind virtual threads in Java by Balkrishna Rawool @ Spring I/O 2024 In last week's episode of...
MAL-2024-4068 Malicious code in Be.Vlaanderen.Basisregistеrs.Sqs.Lаmbda (NuGet)
--- -= Per source details. Do not edit below this line.=-...