381 matches found
CVE-2021-4437
A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The...
Information disclosure
A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The...
CVE-2021-4437 dbartholomae lambda-middleware frameguard JSON Mime-Type JsonDeserializer.ts redos
A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The...
CVE-2021-4437
CVE-2021-4437 affects dbartholomae lambda-middleware frameguard
CVE-2021-4437 dbartholomae lambda-middleware frameguard JSON Mime-Type JsonDeserializer.ts redos
A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The...
PT-2024-11035 · Dbartholomae · Lambda-Middleware Frameguard
Name of the Vulnerable Software and Affected Versions: dbartholomae lambda-middleware frameguard versions up to 1.0.4 Description: A problematic issue has been found in the JSON Mime-Type Handler component, specifically in the file packages/json-deserializer/src/JsonDeserializer.ts. The...
lambda-middleware Security Vulnerabilities
lambda-middleware is a collection of middleware for AWS lambda functions. A security vulnerability exists in dbartholomae lambda-middleware frameguard version 1.0.4 and earlier, which stems from a security vulnerability in the component JSON Mime-Type Handler...
sui.dif.cdmx.gob.mx Cross Site Scripting vulnerability OBB-3850554
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Interpretation Conflict
bref/bref is vulnerable to Interpretation Conflict. The vulnerability is due to incorrect parsing of open square braces in a request when a lambda event is converted to a PSR7 object. The difference in the body parsing can result in unintended parsing behavior...
Denial Of Service (DoS)
Bref is vulnerable to Denial Of Service DoS. The vulnerability is due to improper clean up of temporary files after processing a MultiPart requests when the Event-Driven Function runtime is utilized and the handler is a RequestHandlerInterface. This allows an attacker to fill the Lambda instance...
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:130-168 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each...
GHSA-82VX-MM6R-GG8W Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:130-168 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each...
GHSA-99F9-GV72-FW9R Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2
Impacted Resources bref/src/Event/Http/HttpResponse.php:61-90 Description When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. Precisely, if PHP generates a response with two headers having the same key but different values only the...
GHSA-X4HH-FRX8-98R5 Bref's Uploaded Files Not Deleted in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each...
Bref's Uploaded Files Not Deleted in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each...
CVE-2024-24753
Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...
CVE-2024-24752
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...
CVE-2024-24754
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...
Design/Logic Flaw
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...
Design/Logic Flaw
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...