Lucene search
K

94 matches found

NVD
NVD
added 2021/02/08 6:15 p.m.21 views

CVE-2021-21304

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...

9.8CVSS0.01894EPSS
Exploits0References4
Prion
Prion
added 2021/02/08 6:15 p.m.11 views

Design/Logic Flaw

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...

7.5CVSS9.4AI score0.01894EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/02/08 5:43 p.m.16 views

GHSA-4PH2-8337-HM62 Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

7.1AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/02/08 5:43 p.m.46 views

Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

2.3AI score
Exploits0References5Affected Software1
OSV
OSV
added 2021/02/08 5:43 p.m.7 views

GHSA-W736-HF9P-QQH3 Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

7.1AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2021/02/08 5:43 p.m.3 views

com.nannoq:auth (>=1.0.0 <=1.1.7), com.nannoq:fcm (>=1.0.0 <=1.1.7) +6 more potentially affected by unknown CVE via com.amazonaws:aws-dynamodb-encryption-java (>=1.11.0 <=1.14.1)

com.amazonaws:aws-dynamodb-encryption-java MAVEN version =1.11.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.4, =1.0.28, =1.1.7 Source cves: unknown CVE Source advisory: OSV:GHSA-W736-HF9P-QQH3...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2021/02/08 5:43 p.m.76 views

Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

2.3AI score
Exploits0References4Affected Software1
CVE
CVE
added 2021/02/08 5:40 p.m.75 views

CVE-2021-21304

CVE-2021-21304 describes a prototype pollution vulnerability in Dynamoose, located in the internal utility method lib/utils/object/set.ts . Affected are Dynamoose versions from 2.0.0 up to 2.6.x (and v2.x beta/alpha). The vulnerability was fixed in 2.7.0 . There is no evidence of exploitation rep...

9.8CVSS8.2AI score0.01894EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/02/08 5:40 p.m.20 views

CVE-2021-21304 Prototype Pollution in Dynamoose

Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations...

7.2CVSS9.7AI score0.01894EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2021/02/08 12:0 a.m.19 views

Key Caching behavior in the DynamoDB Encryption Client.

Impact This advisory concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service that allows for permissions on keys to be modified. When key usage permissions were changed at the key provider, time-based key reauthorization logic in...

2.3AI score
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/03/06 12:0 a.m.37 views

SUSE SLES12 Security Update : python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (SUSE-SU-2020:0555-1)

This update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the...

7.5CVSS7.1AI score0.07443EPSS
Exploits2References9
Carbon Black Blog
Carbon Black Blog
added 2019/11/20 6:0 p.m.52 views

Taking Reputation to Scale: An Iterative Journey with an Agile Approach (Part 2)

In Part 1 of this blog, we shared with you the challenges we had in balancing latency, scalability, and cost for our reputation services. In this blog, we’ll give you some insights into each major iteration along that journey, from the beginning to where we are now. 100 requests per second. Befor...

7.4AI score
Exploits0
vulnersOsv
vulnersOsv
added 2019/03/14 3:41 p.m.7 views

ai.catboost:catboost-spark_2.3_2.11 (>=0.25 <=1.2.7), ai.h2o:sparkling-water-examples_2.11 (>=2.3.0 <=2.3.6) +165 more potentially affected by CVE-2018-1334 via org.apache.spark:spark-core_2.11 (=2.3.0)

org.apache.spark:spark-core2.11 MAVEN version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.11 and may be impacted: - ai.catboost:catboost-spark2.32.11 =0.25, =2.3.0, =2.3.0, =0.0.3, =1.0, =0.1.0, =1.0, =0.4.0,...

4.7CVSS5.8AI score0.00504EPSS
Exploits0
Kitploit
Kitploit
added 2018/07/23 9:48 p.m.13 views

Repokid - AWS Least Privilege For Distributed, High-Velocity Deployment

Repokid uses Access Advisor provided by Aardvark to remove permissions granting access to unused services from the inline policies of IAM roles in an AWS account. Getting Started Install mkvirtualenv repokid git clone [email protected]:Netflix/repokid.git cd repokid python setup.py develop...

7AI score
Exploits0References2
Rows per page
Query Builder