Can we talk about remote code execution in a serverless? Let's say I have a Cloud Function in GCP that's vulnerable to RCE. If an attacker uses the right payload, will he be able to execute commands on the container of the Cloud Function ? Thank you for your help!
I am testing a security tool on GCP that identified vulnerabilities in the Cloud Functions.
Your question is too broad. RCE is a big topic that requires articles to cover.
There are two basic types of RCE:
Cloud Functions does not have an operating system or command shell, so the first type of RCE is not possible.
The second type of RCE would depend on your code and of course, is a risk for code with vulnerabilities that can be reached via the function's public endpoint.