4 matches found
br.com.guiabolso:hyperloop-transport (>=3.0.1 <=3.0.2), com.eoniantech:secrets-locker (>=1.0 <=1.2) +8 more potentially affected by CVE-2020-8897 via com.amazonaws:aws-encryption-sdk-java (>=0.0.1 <=1.9.0)
com.amazonaws:aws-encryption-sdk-java MAVEN version =0.0.1, =3.0.1, =1.0, =2.3.2, =0.3.0, =2.8.0, =2.11.1 - org.apache.ignite:ignite-aws-ext =1.0.0 - org.dreamhorizon:vertx-cron =1.0.0 - software.amazon.cloudformation:aws-cloudformation-rpdk-java-plugin =2.0.12 Source cves: CVE-2020-8897 Source...
cloud-backup (=1.0.0), samsteady-python-crypto (>=1.0.2 <=1.0.17) potentially affected by CVE-2020-8897 via aws-encryption-sdk (>=1.3.7 <=1.4.1)
aws-encryption-sdk PYPI version =1.3.7, =1.0.2, =1.0.17 Source cves: CVE-2020-8897 Source advisory: OSV:GHSA-WQGP-VPHW-HPHF...
CVE-2020-8897
creationtimestamp| type| source ---|---|--- 2020-11-16 14:37:22+00:00| seen| https://t.me/cibsecurity/16339...
CVE-2020-8897
CVE-2020-8897 : A weak robustness vulnerability affects the AWS Encryption SDKs for Java, Python, C and Javalcript prior to 2.0.0. The non-committing property of AES-GCM (and related AEAD ciphers) can let an attacker craft a unique ciphertext that decrypts to multiple different results, which is ...