11 matches found
EUVD-2024-0944
Malicious code in bioql PyPI...
CVE-2024-29186 Slow String Operations via MultiPart Requests in Event-Driven Functions
Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
CVE-2024-29186 Slow String Operations via MultiPart Requests in Event-Driven Functions
Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
CVE-2024-29186 Slow String Operations via MultiPart Requests in Event-Driven Functions
Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
GHSA-J4HQ-F63X-F39R Slow String Operations via MultiPart Requests in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 multipart-parser/src/StreamedPart.php:383-418 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
Slow String Operations via MultiPart Requests in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 multipart-parser/src/StreamedPart.php:383-418 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...
Denial Of Service (DoS)
Bref is vulnerable to Denial Of Service DoS. The vulnerability is due to improper clean up of temporary files after processing a MultiPart requests when the Event-Driven Function runtime is utilized and the handler is a RequestHandlerInterface. This allows an attacker to fill the Lambda instance...
GHSA-82VX-MM6R-GG8W Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Impacted Resources bref/src/Event/Http/Psr7Bridge.php:130-168 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each...
CVE-2024-24754
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...
CVE-2024-24752 Bref Uploaded Files Not Deleted in Event-Driven Functions
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...
CVE-2017-16790: Ensure that submitted data are uploaded files
Affected versions Symfony 2.7.0 to 2.7.37, 2.8.0 to 2.8.30, 3.2.0 to 3.2.13, and 3.3.0 to 3.3.12 versions of the Symfony Form component are affected by this security issue. The issue has been fixed in Symfony 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. Note that no fixes are provide...