CVE-2024-24752

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 1, 2024

Updated: Feb 9, 2024

CWE ID 400

Summary

CVE-2024-24752: Bref, a serverless PHP deployment tool for AWS Lambda, allows an attacker to fill the Lambda instance disk by manipulating MultiPart requests. When Bref converts a MultiPart event to a PSR7 object, each file is temporarily saved in `/tmp` without deletion upon request processing completion. This vulnerability, which mimics PHP's behavior but lacks proper cleanup, can be exploited to consume valuable disk space and potentially impact Lambda performance. The issue has been resolved in version 2.1.13.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uVGiIU
https://www.cve.org/CVERecord?id=CVE-2024-24752
https://nvd.nist.gov/vuln/detail/CVE-2024-24752

Back to Vulnerability Database

CVE-2024-24752

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations