How severe is CVE-2024-24754?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2024-24754?

This is classified as CWE-436, which is a common weakness in software security.

CVE-2024-24754

CRITICAL Year: 2024

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-436

View all →

Vulnerability Description

Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content added in the `$files` or `$parsedBody` arrays. The conversion process produces a different output compared to the one of plain PHP when keys ending with and open square bracket ([) are used. Based on the application logic the difference in the body parsing might lead to vulnerabilities and/or undefined behaviors. This vulnerability is patched in 2.1.13.

CVE-2019-19589

CRITICAL

CVSS:9.8(Critical)

The Lever PDF Embedder plugin 4.4 for WordPress does not block the distribution of polyglot PDF documents that are valid JAR archives. Note: It has been argued that "The vulnerability reported in PDF ...

CWE-4362019

CVE-2020-10180

CRITICAL

CVSS:9.8(Critical)

The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus...

CWE-4362020

CVE-2021-45327

CRITICAL

CVSS:9.8(Critical)

Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code...

CWE-4362021

CVE-2023-24813

CRITICAL

CVSS:9.8(Critical)

Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf p...

CWE-4362023

CVE-2019-18792

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the P...

CWE-4362019

CVE-2024-38428

CRITICAL

CVSS:9.1(Critical)

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent...

CWE-4362024

CVE-2024-24754

Vulnerability Description

Related Vulnerabilities

CVE-2019-19589

CVE-2020-10180

CVE-2021-45327

CVE-2023-24813

CVE-2019-18792

CVE-2024-38428