Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content added in the `$files` or `$parsedBody` arrays. The conversion process produces a different output compared to the one of plain PHP when keys ending with and open square bracket ([) are used. Based on the application logic the difference in the body parsing might lead to vulnerabilities and/or undefined behaviors. This vulnerability is patched in 2.1.13.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-02-01T16:10:30.539Z
Updated: 2024-08-01T23:28:11.854Z
Reserved: 2024-01-29T20:51:26.010Z
Link: CVE-2024-24754
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-02-01T16:17:14.877
Modified: 2024-02-09T01:56:35.890
Link: CVE-2024-24754
Redhat
No data.