6 matches found
EUVD-2024-0566
Malicious code in bioql PyPI...
EUVD-2024-0757
Malicious code in bioql PyPI...
CVE-2024-24753
Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relie...
CVE-2024-24754
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...
CVE-2024-24754
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...
Bref Security Breach
Bref is an open source project by Matthieu Napoli Individual Developer that helps you go serverless on AWS using PHP. A security vulnerability exists in versions prior to Bref 2.1.13 that stems from not handling multiple value headers when Bref is used in conjunction with a v2-formatted API gatew...