Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bref Body Parsing Inconsistency in Event-Driven Functions
Vulnerability Description
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content added in the `$files` or `$parsedBody` arrays. The conversion process produces a different output compared to the one of plain PHP when keys ending with and open square bracket ([) are used. Based on the application logic the difference in the body parsing might lead to vulnerabilities and/or undefined behaviors. This vulnerability is patched in 2.1.13.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
解释冲突
Vulnerability Title
Bref 安全漏洞
Vulnerability Description
Bref是Matthieu Napoli个人开发者的一个开源项目,可帮助您使用 PHP 在 AWS 上实现无服务器。 Bref 2.1.13之前版本存在安全漏洞,该漏洞源于Bref和Event-Driven函数对正文的解析不一致。
CVSS Information
N/A
Vulnerability Type
N/A