94 matches found
CVE-2021-21304
Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...
Malicious code in dynamodb-data-mapper-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 93e1601651b9c7ac38203563ebdc9231ff5ac6298c9dee85fb2eeae24acdce30 The OpenSSF Package Analysis project identified 'dynamodb-data-mapper-js' @ 7.0.0 npm as malicious. It is considered malicious because: - The...
MAL-2024-12086 Malicious code in dynamodb-data-mapper-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 93e1601651b9c7ac38203563ebdc9231ff5ac6298c9dee85fb2eeae24acdce30 The OpenSSF Package Analysis project identified 'dynamodb-data-mapper-js' @ 7.0.0 npm as malicious. It is considered malicious because: - The...
Malicious code in util-dynamodb (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9896 Malicious code in util-dynamodb (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in lib-dynamodb (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9686 Malicious code in lib-dynamodb (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in client-dynamodb (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9548 Malicious code in client-dynamodb (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-4172 Malicious code in Be.Vlaandеren.Basisrеgisters.NisCodeService.DynamoDb (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in Be.Vlaandеren.Basisrеgisters.NisCodeService.DynamoDb (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Improper Signature Validation
aws-database-encryption-sdk-dynamodb is vulnerable to Improper Signature Validation. The vulnerability occurs when a Set type is assigned a SIGNONLY attribute action. In such cases, there is a chance that the signature validation of the record containing a Set may fail during read, even if the Se...
GHSA-72FP-W44G-625Q Signing DynamoDB Sets when using the AWS Database Encryption SDK.
Impact This advisory addresses an issue when a DynamoDB Set attribute is marked as SIGNONLY in the AWS Database Encryption SDK DB-ESDK for DynamoDB. This also includes when a Set is part of a List or a Map. DB-ESDK for DynamoDB supports SIGNONLY and ENCRYPTANDSIGN attribute actions. In version...
Signing DynamoDB Sets when using the AWS Database Encryption SDK.
Impact This advisory addresses an issue when a DynamoDB Set attribute is marked as SIGNONLY in the AWS Database Encryption SDK DB-ESDK for DynamoDB. This also includes when a Set is part of a List or a Map. DB-ESDK for DynamoDB supports SIGNONLY and ENCRYPTANDSIGN attribute actions. In version...
PT-2023-32985 · Amazon · Aws Database Encryption Sdk (Db-Esdk) For Dynamodb
Name of the Vulnerable Software and Affected Versions: AWS Database Encryption SDK DB-ESDK for DynamoDB versions 3.1.0 and below Description: The issue arises when a DynamoDB Set attribute is marked as SIGN ONLY in the AWS Database Encryption SDK DB-ESDK for DynamoDB, including when a Set is part...
CVE-2023-34085
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request...
CVE-2023-34085
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request...
Cross site request forgery (csrf)
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request...
CVE-2023-34085 User Attribute Disclosure via DynamoDB Data Stores
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request...
CVE-2023-34085
CVE-2023-34085 describes a vulnerability where, if an AWS DynamoDB table is used for storing user attributes, an attacker can craft a request to retrieve another user’s attributes. The connected records corroborate this label and tie the issue to Ping Identity PingFederate and related disclosures...