CVE-2020-8897

🗓️ 16 Nov 2020 12:14:15Reported by GoogleType

Weak robustness vulnerability in AWS Encryption SDKs for Java, Python, C and Javalcript prior to 2.0.0

Reporter	Title	Published	Views	Family All 9
OSV	CVE-2020-8897	16 Nov 202012:15	–	osv
OSV	Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness	12 Oct 202116:01	–	osv
OSV	PYSEC-2020-261	16 Nov 202012:15	–	osv
Github Security Blog	Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness	12 Oct 202116:01	–	github
Prion	Design/Logic Flaw	16 Nov 202012:15	–	prion
GitLab Advisory Database	Use of a Broken or Risky Cryptographic Algorithm	12 Oct 202100:00	–	gitlab
Cvelist	CVE-2020-8897 Robustness weakness in AWS KMS and Encryption SDKs	16 Nov 202011:55	–	cvelist
Veracode	In-band Protocol Negotiation And Robustness Weakness	17 Nov 202001:12	–	veracode
NVD	CVE-2020-8897	16 Nov 202012:15	–	nvd

Nvd

Vulners

Node

amazon aws_encryption_sdkRange<2.0.0

[
  {
    "platforms": [
      "all"
    ],
    "product": "AWS SDK",
    "vendor": "Amazon",
    "versions": [
      {
        "lessThan": "2.0.0",
        "status": "affected",
        "version": "stable",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
aws	www.aws.amazon.com/blogs/security/improved-client-side-encryption-explicit-keyids-and-key-commitment/
github	www.github.com/google/security-research/security/advisories/GHSA-wqgp-vphw-hphf

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Nov 2020 12:15Current

6.2Medium risk

Vulners AI Score6.2

CVSS25.5

CVSS34.8 - 8.1

EPSS0.00121