381 matches found
Malicious code in Be.Vlaanderen.Basisregistеrs.Sqs.Lаmbda (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in Be.Vlaanderen.Basisrеgisters.Aws.Lаmbda (NuGet)
MAL-2024-4078 Malicious code in Be.Vlaanderen.Basisrеgisters.Aws.Lаmbda (NuGet)
MAL-2024-4086 Malicious code in Be.Vlaanderen.Basisrеgistеrs.Sqs.Lаmbdа (NuGet)
Malicious code in Be.Vlaanderen.Basisrеgistеrs.Sqs.Lаmbdа (NuGet)
MAL-2024-4228 Malicious code in Be.Vlaaոderen.Basisrеgistеrs.Aws.Lаmbda (NuGet)
Malicious code in Be.Vlaaոderen.Basisrеgistеrs.Aws.Lаmbda (NuGet)
MAL-2024-2422 Malicious code in github-runner-lambda-syncer (npm)
Malicious code in github-runner-lambda-syncer (npm)
CVE-2024-37293
The CVE concerns the AWS Deployment Framework (ADF) bootstrap process. Prior to v4.0.0, the bootstrap CodeBuild role could call sts:AssumeRole without restrictions, enabling escalation to any AWS account in the organization with elevated privileges. Patches are included in aws-deployment-framewor...
CVE-2024-37293 aws-deployment-framework's potential risk can lead to privilege escalation
The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined in AWS Organizations...
Malicious code in lambda-iss-location (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6d7bd1b87c4b816789f583c6667d202f613eab5d352c1fcbe90fe1b182a0d13c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models
Overview: Lambda Layers in third-party TensorFlow-based Keras models allow attackers to inject arbitrary code into versions built prior to Keras 2.13 that may then unsafely run with the same permissions as the running application. For example, an attacker could use this feature to trojanize a...
CVE-2024-29186
Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
CVE-2024-29186 Slow String Operations via MultiPart Requests in Event-Driven Functions
Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
GHSA-J4HQ-F63X-F39R Slow String Operations via MultiPart Requests in Event-Driven Functions
Impacted Resources: bref/src/Event/Http/Psr7Bridge.php:94-125, multipart-parser/src/StreamedPart.php:383-418. Description: When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
Slow String Operations via MultiPart Requests in Event-Driven Functions
Impacted Resources: bref/src/Event/Http/Psr7Bridge.php:94-125, multipart-parser/src/StreamedPart.php:383-418. Description: When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
lambda-middleware Inefficient Regular Expression Complexity vulnerability
A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The...
GHSA-M3F4-957X-M785 lambda-middleware Inefficient Regular Expression Complexity vulnerability
A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The...
CVE-2021-4437
A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The...