CVE-2024-24753

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 1, 2024

Updated: Feb 9, 2024

CWE ID 436

Summary

CVE-2024-24753 is a vulnerability affecting Bref, a serverless PHP application for AWS Lambda. When used with an API Gateway in v2 format, Bref fails to handle multiple value headers properly. PHP responses with conflicting header keys result in only the last one being kept, potentially undermining an application's security. This issue is particularly significant when an application requires multiple headers with the same key for security reasons, such as `Content-Security-Policy` headers. The vulnerability is addressed in version 2.1.13 of Bref.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uVG5vD
https://www.cve.org/CVERecord?id=CVE-2024-24753
https://nvd.nist.gov/vuln/detail/CVE-2024-24753

Back to Vulnerability Database

CVE-2024-24753

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations