Browse all 4 CVE security advisories affecting brefphp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Brefphp is a serverless deployment platform for PHP applications, enabling developers to run PHP code on cloud infrastructure without managing servers. Historically, it has been associated with several security vulnerabilities, including remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from improper input validation and insecure default configurations. While no major public security incidents have been documented, the four CVEs on record highlight potential risks in its deployment and execution environments. The platform's security posture is particularly notable for its reliance on cloud provider security measures, which can introduce additional attack surfaces if misconfigured.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-29186 | Slow String Operations via MultiPart Requests in Event-Driven Functions — brefCWE-400 | 5.3 | Medium | 2024-03-22 |
| CVE-2024-24754 | Bref Body Parsing Inconsistency in Event-Driven Functions — brefCWE-436 | 3.7 | Low | 2024-02-01 |
| CVE-2024-24752 | Bref Uploaded Files Not Deleted in Event-Driven Functions — brefCWE-400 | 6.5 | Medium | 2024-02-01 |
| CVE-2024-24753 | Bref Multiple Value Headers Not Supported in ApiGatewayFormatV2 — brefCWE-436 | 4.8 | Medium | 2024-02-01 |
This page lists every published CVE security advisory associated with brefphp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.