Denial Of Service (DoS)

Riverline/multipart-parser is vulnerable to Denial of Service DoS. The vulnerability is due to the lack of limits on the length of header lines, allowing attackers to overwhelm server resources by sending requests with exceptionally long headers, potentially leading to Denial of Service DoS...

Serverless Billing Attack

bref/bref is vulnerable to Serverless Billing Attack. The vulnerability is due to slow multi-byte string operations performed on the Content-Type header values in the Riverline/multipart-parser library used by Bref. It allows an attacker to send specially crafted requests, causing long operations...

CVE-2024-29186 Slow String Operations via MultiPart Requests in Event-Driven Functions

Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...

GHSA-J4HQ-F63X-F39R Slow String Operations via MultiPart Requests in Event-Driven Functions

Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 multipart-parser/src/StreamedPart.php:383-418 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...

PT-2024-22791 · Unknown +2 · Riverline/Multipart-Parser +2

Name of the Vulnerable Software and Affected Versions: Bref versions prior to 2.1.17 Description: The issue arises when Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface. During the conversion of a Lambda event to a PSR7 object, if the request is a...