62 matches found
EUVD-2024-0566
Malicious code in bioql PyPI...
EUVD-2022-1513
Malicious code in bioql PyPI...
EUVD-2023-1416
Malicious code in bioql PyPI...
EUVD-2023-3109
Malicious code in bioql PyPI...
CVE-2024-24754
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...
MGASA-2025-0023 Updated phpmyadmin packages fix security vulnerabilities
fix possible security issue with library code slim/psr7 CVE-2023-30536 fix possible security issue relating to iconv CVE-2024-2961, PMASA-2025-3 fix an XSS vulnerability in the check tables feature PMASA-2025-1 fix an XSS vulnerability in the Insert tab PMASA-2025-2...
Debian dla-3705 : php-guzzlehttp-psr7 - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3705 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3705-1 [email protected]...
CVE-2024-29186 Slow String Operations via MultiPart Requests in Event-Driven Functions
Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
GHSA-J4HQ-F63X-F39R Slow String Operations via MultiPart Requests in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 multipart-parser/src/StreamedPart.php:383-418 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
Slow String Operations via MultiPart Requests in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 multipart-parser/src/StreamedPart.php:383-418 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
Ubuntu: Security Advisory (USN-6671-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-6670-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6671-1: php-nyholm-psr7 vulnerability
It was discovered that php-nyholm-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use this issue to perform an HTTP header injection attack...
USN-6670-1: php-guzzlehttp-psr7 vulnerabilities
It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack...
USN-6670-1 php-guzzlehttp-psr7 vulnerabilities
It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack...
Ubuntu 20.04 LTS / 22.04 LTS : php-guzzlehttp-psr7 vulnerabilities (USN-6670-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6670-1 advisory. It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an...
Ubuntu 22.04 LTS : php-nyholm-psr7 vulnerability (USN-6671-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6671-1 advisory. It was discovered that php-nyholm-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use this issue to perform an HTTP header injection attack...
Interpretation Conflict
bref/bref is vulnerable to Interpretation Conflict. The vulnerability is due to incorrect parsing of open square braces in a request when a lambda event is converted to a PSR7 object. The difference in the body parsing can result in unintended parsing behavior...
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:130-168 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each...
GHSA-82VX-MM6R-GG8W Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:130-168 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each...