How severe is CVE-2024-24753?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-24753?

This is classified as CWE-436, which is a common weakness in software security.

CVE-2024-24753

MEDIUM Year: 2024

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-436

View all →

Vulnerability Description

Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relies on multiple headers with the same key being set for security reasons, then Bref would lower the application security. For example, if an application sets multiple `Content-Security-Policy` headers, then Bref would just reflect the latest one. This vulnerability is patched in 2.1.13.

CVE-2019-5892

MEDIUM

CVSS:6.5(Medium)

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for...

CWE-4362019

CVE-2022-0011

MEDIUM

CVSS:6.5(Medium)

PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL categ...

CWE-4362022

CVE-2022-29254

MEDIUM

CVSS:6.5(Medium)

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), i...

CWE-4362022

CVE-2023-29406

MEDIUM

CVSS:6.5(Medium)

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses t...

CWE-4362023

CVE-2023-30536

MEDIUM

CVSS:6.5(Medium)

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\n) into both the header names and values. While the specification states that...

CWE-4362023

CVE-2023-39481

MEDIUM

CVSS:6.6(Medium)

Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing...

CWE-4362023

CVE-2024-24753

Vulnerability Description

Related Vulnerabilities

CVE-2019-5892

CVE-2022-0011

CVE-2022-29254

CVE-2023-29406

CVE-2023-30536

CVE-2023-39481