Lucene search
K

94 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:18 p.m.6 views

CVE-2021-21304

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...

9.8CVSS6.8AI score0.01894EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/21 8:10 a.m.5 views

Malicious code in dynamodb-data-mapper-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 93e1601651b9c7ac38203563ebdc9231ff5ac6298c9dee85fb2eeae24acdce30 The OpenSSF Package Analysis project identified 'dynamodb-data-mapper-js' @ 7.0.0 npm as malicious. It is considered malicious because: - The...

6.9AI score
Exploits0
OSV
OSV
added 2024/12/21 8:10 a.m.4 views

MAL-2024-12086 Malicious code in dynamodb-data-mapper-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 93e1601651b9c7ac38203563ebdc9231ff5ac6298c9dee85fb2eeae24acdce30 The OpenSSF Package Analysis project identified 'dynamodb-data-mapper-js' @ 7.0.0 npm as malicious. It is considered malicious because: - The...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 1:41 p.m.3 views

Malicious code in util-dynamodb (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/10/16 1:41 p.m.5 views

MAL-2024-9896 Malicious code in util-dynamodb (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 1:1 p.m.3 views

Malicious code in lib-dynamodb (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/10/16 1:1 p.m.3 views

MAL-2024-9686 Malicious code in lib-dynamodb (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 12:40 p.m.3 views

Malicious code in client-dynamodb (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/10/16 12:40 p.m.2 views

MAL-2024-9548 Malicious code in client-dynamodb (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSV
OSV
added 2024/06/25 1:25 p.m.6 views

MAL-2024-4172 Malicious code in Be.Vlaandеren.Basisrеgisters.NisCodeService.DynamoDb (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:25 p.m.5 views

Malicious code in Be.Vlaandеren.Basisrеgisters.NisCodeService.DynamoDb (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Veracode
Veracode
added 2023/11/10 6:6 a.m.11 views

Improper Signature Validation

aws-database-encryption-sdk-dynamodb is vulnerable to Improper Signature Validation. The vulnerability occurs when a Set type is assigned a SIGNONLY attribute action. In such cases, there is a chance that the signature validation of the record containing a Set may fail during read, even if the Se...

6.9AI score
Exploits0
OSV
OSV
added 2023/11/09 4:2 p.m.18 views

GHSA-72FP-W44G-625Q Signing DynamoDB Sets when using the AWS Database Encryption SDK.

Impact This advisory addresses an issue when a DynamoDB Set attribute is marked as SIGNONLY in the AWS Database Encryption SDK DB-ESDK for DynamoDB. This also includes when a Set is part of a List or a Map. DB-ESDK for DynamoDB supports SIGNONLY and ENCRYPTANDSIGN attribute actions. In version...

6.7AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/11/09 4:2 p.m.27 views

Signing DynamoDB Sets when using the AWS Database Encryption SDK.

Impact This advisory addresses an issue when a DynamoDB Set attribute is marked as SIGNONLY in the AWS Database Encryption SDK DB-ESDK for DynamoDB. This also includes when a Set is part of a List or a Map. DB-ESDK for DynamoDB supports SIGNONLY and ENCRYPTANDSIGN attribute actions. In version...

6.6AI score
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/09 12:0 a.m.3 views

PT-2023-32985 · Amazon · Aws Database Encryption Sdk (Db-Esdk) For Dynamodb

Name of the Vulnerable Software and Affected Versions: AWS Database Encryption SDK DB-ESDK for DynamoDB versions 3.1.0 and below Description: The issue arises when a DynamoDB Set attribute is marked as SIGN ONLY in the AWS Database Encryption SDK DB-ESDK for DynamoDB, including when a Set is part...

7.2AI score
Exploits0References5
OSV
OSV
added 2023/10/25 6:17 p.m.3 views

CVE-2023-34085

When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request...

4.3CVSS5.8AI score0.00467EPSS
Exploits0References2
NVD
NVD
added 2023/10/25 6:17 p.m.14 views

CVE-2023-34085

When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request...

4.3CVSS4AI score0.00467EPSS
Exploits0References2
Prion
Prion
added 2023/10/25 6:17 p.m.19 views

Cross site request forgery (csrf)

When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request...

4CVSS4.7AI score0.00467EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/25 2:3 a.m.16 views

CVE-2023-34085 User Attribute Disclosure via DynamoDB Data Stores

When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request...

2.6CVSS4.9AI score0.00467EPSS
Exploits0References2
CVE
CVE
added 2023/10/25 2:3 a.m.46 views

CVE-2023-34085

CVE-2023-34085 describes a vulnerability where, if an AWS DynamoDB table is used for storing user attributes, an attacker can craft a request to retrieve another user’s attributes. The connected records corroborate this label and tie the issue to Ping Identity PingFederate and related disclosures...

4.3CVSS4AI score0.00467EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder