
396 matches found

Snyk
added 2025/03/31 10:36 p.m. | 5 views

Directory Traversal

Overview: aws-sam-cli (AWS SAM CLI) is a CLI tool for local development and testing of Serverless applications. Affected versions of this package are vulnerable to Directory Traversal due to the handling of symlinks during the build process. An attacker can access and copy restricted files to a...

6.9 CVSS | 7.4 AI score | 0.00724 EPSS
Exploits: 0 | References: 2

GitHub Security Blog
added 2025/03/31 10:36 p.m. | 17 views

AWS SAM CLI Path Traversal allows file copy to build container

Summary: The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker. When running the AWS SAM CLI build process with Docker and symlinks are include...

6.9 CVSS | 6.7 AI score | 0.00724 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2025/03/31 4:15 p.m. | 4 views

CVE-2025-3048

After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outsid...

6.9 CVSS | 7 AI score
Exploits: 0 | References: 3

NVD
added 2025/03/31 4:15 p.m. | 8 views

CVE-2025-3048

After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outsid...

6.9 CVSS | 0.0062 EPSS
Exploits: 0 | References: 3

NVD
added 2025/03/31 4:15 p.m. | 11 views

CVE-2025-3047

When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A use...

6.9 CVSS | 0.00724 EPSS
Exploits: 0 | References: 3

OSV
added 2025/03/31 4:15 p.m. | 5 views

CVE-2025-3047

When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A use...

6.9 CVSS | 7 AI score
Exploits: 0 | References: 3

CVE
added 2025/03/31 3:21 p.m. | 57 views

CVE-2025-3048

CVE-2025-3048 concerns AWS SAM CLI. When building with Docker (--use-container) and symlinks are included, the content of those symlinks can be copied into the SAM CLI cache as regular files/directories, potentially exposing privileged host files to users within the local workspace. This affects ...

6.9 CVSS | 6.7 AI score | 0.0062 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2025/03/31 3:21 p.m. | 8 views

CVE-2025-3048 Path Traversal in AWS SAM CLI allows file copy to local cache

After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outsid...

6.9 CVSS | 6.7 AI score | 0.0062 EPSS
Exploits: 0 | References: 3

CVE
added 2025/03/31 3:21 p.m. | 65 views

CVE-2025-3047

CVE-2025-3047 affects the AWS SAM CLI when building with Docker in the local workspace. The issue arises from symlinks in build files, enabling a user to access privileged host files through the container’s elevated permissions. Impact is limited to local workspaces using container builds and doe...

6.9 CVSS | 6.6 AI score | 0.00724 EPSS
Exploits: 0 | References: 3

CNNVD
added 2025/03/31 12:0 a.m. | 3 views

AWS SAM CLI Security Vulnerability

AWS SAM CLI is an Amazon Web Services open source CLI tool for building, testing, debugging and deploying serverless applications using AWS SAM. A security vulnerability exists in AWS SAM CLI that stems from a symbolic link that could lead to access to host privileged files...

6.9 CVSS | 6.3 AI score | 0.00724 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/05 7:2 a.m. | 4 views

CVE-2024-32980

Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header...

9.1 CVSS | 9.2 AI score | 0.00485 EPSS
Exploits: 0 | References: 1

CVE
added 2025/01/28 3:19 p.m. | 2134 views

CVE-2025-23045

CVE-2025-23045 affects Computer Vision Annotation Tool (CVAT). An attacker with an account on an affected CVAT instance can execute arbitrary code in the Nuclio function container via serverless tracker functions (TransT and SiamMask); deployments with custom tracker functions may also be affecte...

9.8 CVSS | 7 AI score | 0.00483 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2025/01/28 12:0 a.m. | 5 views

Computer Vision Annotation Tool Code Issue Vulnerability

Computer Vision Annotation Tool (CVAT) is a cvat.ai open source interactive video and image annotation tool for computer vision. A code issue vulnerability exists in Computer Vision Annotation Tool that originates when running certain types of serverless functions, which could allow an attacker to...

9.8 CVSS | 7 AI score | 0.00483 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2025/01/23 1:2 p.m. | 20 views

Moderate: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.35.0 security update & enhancements

Release of OpenShift Serverless Logic 1.35.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

7.5 CVSS | 6.7 AI score | 0.01262 EPSS
Exploits: 2 | References: 4

Akamai Blog
added 2024/12/18 1:0 p.m. | 11 views

The Benefits of Serverless Computing Architecture

...

7.3 AI score
Exploits: 0

The Hacker News
added 2024/11/28 11:30 a.m. | 4 views

The Future of Serverless Security in 2025: From Logs to Runtime Protection

Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around...

8.4 AI score
Exploits: 0

Tenable Nessus
added 2024/11/07 12:0 a.m. | 14 views

RHEL 8 : Red Hat OpenShift Serverless Client kn 1.12.0 (Moderate) (RHSA-2021:0145)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0145 advisory. Red Hat OpenShift Serverless Client kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux...

7.5 CVSS | 7.1 AI score | 0.03813 EPSS
Exploits: 2 | References: 13

Tenable Nessus
added 2024/11/05 12:0 a.m. | 8 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.16.0 (Moderate) (RHSA-2021:2704)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2704 advisory. Red Hat OpenShift Serverless Client kn 1.16.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.16.0. The kn CLI is delivered a...

7.5 CVSS | 7.2 AI score | 0.03692 EPSS
Exploits: 1 | References: 12

Wiz blog
added 2024/10/28 2:0 p.m. | 12 views

Expanding Wiz Runtime Sensor Coverage - Now Blocking Threats and Protecting Serverless Containers at Runtime

Wiz extends its cloud-native runtime sensor to secure serverless containers, providing deep visibility, blocking, and hunting capabilities for AWS Fargate and Azure Container Apps...

7.2 AI score
Exploits: 0

Wiz blog
added 2024/10/28 2:0 p.m. | 13 views

Wiz Expands Runtime Protection to Serverless Containers

Wiz extends its cloud-native runtime sensor to secure serverless containers, providing deep visibility, blocking, and hunting capabilities for AWS Fargate and Azure Container Apps...

7.2 AI score
Exploits: 0