Lucene search

7 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-2069

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.00328
Exploits: 1 | References: 4
RedhatCVE
added 2025/05/22 8:9 p.m., 3 views

CVE-2021-38384

Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code i.e., possibly greater than expected...

CVSS 9.8 | AI score 7.1 | EPSS 0.00328
Exploits: 1 | References: 1
vulnersOsv
added 2024/10/11 3:30 p.m., 4 views

@0xc/serverless-offline-aws-sqs (>=1.0.0 <=2.0.3), @1eg/cert-manager-to-azion (>=0.0.1 <=0.2.0) +2898 more potentially affected by CVE-2024-21534 via jsonpath-plus (>=0.12.0 <=10.1.0)

jsonpath-plus NPM version =0.12.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1-alpha, =0.4.0-next.10, =0.7.0, =0.0.1, =1.0.0, =1.0.98-alpha.0, =1.3.65-alpha.0, =1.27.0, =0.0.1, =1.0.0-atomist-update-latest-1544450968007.20181210141037, =1.0.0-atomist-update-latest-1544451015596.20181210141150,...

CVSS 9.8 | AI score 7.1 | EPSS 0.92707
Exploits: 4
OSV
added 2021/09/01 6:32 p.m., 55 views

GHSA-H97F-5258-5593 Incorrect Authorization in serverless-offline

Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code i.e., possibly greater than expected...

CVSS 9.8 | AI score 9.5 | EPSS 0.00328
Exploits: 1 | References: 3
Veracode
added 2021/08/11 2:34 a.m., 14 views

Privilege Escalation

serverless-offline is vulnerable to privilege escalation. The vulnerability exists in createAuthScheme function of createAuthScheme.js due to an insecure access control from a misinterpreted HTTP status code which allows an attacker to download a web content page via malicious URL...

CVSS 9.8 | AI score 9.2 | EPSS 0.00328
Exploits: 1 | References: 3 | Affected Software: 1
Prion
added 2021/08/10 6:15 p.m., 6 views

Improper access control

Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code i.e., possibly greater than expected...

CVSS 7.5 | AI score 9.5 | EPSS 0.00328
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2021/08/10 5:35 p.m., 51 views

CVE-2021-38384

CVE-2021-38384 affects Serverless Offline 8.0.0. The issue is that a route with a trailing / may yield a 403 in some contexts, while AWS/Lambda behavior can be 200, potentially granting higher permissions than intended due to an insecure access control interpretation. Root cause described as a mi...

CVSS 9.8 | AI score 9.5 | EPSS 0.00328
Exploits: 1 | References: 1 | Affected Software: 1