Rapid7 Announces Release of New tCell Amazon CloudFront Agent
Cloud-native approaches to building, hosting, and delivering web applications are growing rapidly. Content delivery networks (CDNs) such as Amazon CloudFront are on the rise, pushing content closer to end users to improve the performance of web applications. To protect web applications security tea...
Out-of-bounds (OOB) Read/Write
tensorflow is vulnerable to out-of-bounds (OOB) read/write. Improper handling of the last argument of the Shard API (a lambda taking two arguments) allows an attacker to cause a truncation of arguments from positive int64 values to negative int ones, resulting in a buffer out of...
PYSEC-2020-317
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be a function taking two int64 (i.e., long long) arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In...
Automated Discovery and Assessment of PaaS Databases with Lambda Service for Qualys Policy Compliance
In the last several years, Platform as a Service (PaaS) solutions have evolved and matured. As organizations have focused on digital transformation, there has been a major shift towards adopting PaaS solutions driven by benefits including scalability, agility, faster deployment, and cost-effective...
DAGOBAH - Open Source Tool To Generate Internal Threat Intelligence, Inventory & Compliance Data From AWS Resources
Dagobah is an open source tool written in Python to automate internal threat intelligence generation, inventory collection and compliance checks across different AWS resources. Dagobah collects information and saves the state into an Elasticsearch index. Dagobah runs in a Lambda and looks a...
Cloudsplaining - An AWS IAM Security Assessment Tool That Identifies Violations Of Least Privilege And Generates A Risk-Prioritized Report
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report. Example report Documentation For full documentation, please visit the project on ReadTheDocs. Installation Cheat sheet Example report Overview...
Reflected XSS in GraphQL Playground
Impact directly impacted: - [email protected] - all unsanitized user input for renderPlaygroundPage all of our consuming packages of graphql-playground-html are impacted: - [email protected] - unsanitized user input to expressPlayground -...
Information Exposure
Overview Versions of apollo-server-lambda prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their relatio...
8base-cli (>=0.0.80 <=0.0.90), @awoyotoyin/ts-graphql-yoga-express-starter (=1.0.0) +128 more potentially affected by unknown CVE via apollo-server-lambda (>=1.3.2 <=2.11.0)
apollo-server-lambda NPM version =1.3.2, =0.0.80, =0.1.0-latest.5b715197, =0.1.0, =0.1.1, =1.0.0, =0.0.1-beta, =1.0.0, =1.7.0, =0.0.1, =1.0.1-alpha.0, =1.0.0, =1.16.9 - @jokio/graphql-yoga =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W42G-7VFC-XF37...
lambda-tdk.ru Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1154958 Security Researcher geeknik Helped patch 8815 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations, a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting lambda-tdk.ru website and...
GHSA-934X-72XH-5HRG OS command injection in aws-lambda
In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName"...
OS command injection in aws-lambda
In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName"...
Pytm - A Pythonic Framework For Threat Modeling
Define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate a Data Flow Diagram (DFD), a Sequence Diagram and, most important of all, threats to your system. Requirements Linux/MacOS Python 3.x Graphviz package Java...
Automating API Security in the Cloud
These days, the most common way for services to communicate and transfer data is by using APIs. However, broken, exposed, or hacked APIs are the cause of some of the latest major data breaches, as they have the potential to expose sensitive data for public consumption. Securing your APIs is...
aws-lambda operating system command injection vulnerability
AWS-Lambda is a computing service that runs code without pre-configured or managed servers. An operating system command injection vulnerability exists in versions of aws-lambda prior to 1.0.5, which stems from the program failing to sanitize config.FunctioName before using it ...
Arbitrary Command Injection
aws-lambda is vulnerable to arbitrary command injection. The vulnerability exists due to the lack of sanitization on the value of config.FunctionName, allowing injection payloads to reach the exec function...
CVE-2019-10777
In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName"...
Design/Logic Flaw
In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName"...