6 matches found
GHSA-999R-QQ7V-R334 aws-cdk-lib: OS Command Injection in NodejsFunction Bundling
Summary AWS CDK aws-cdk-lib is an open-source framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow a threat actor who...
EUVD-2026-36076
aws-cdk-lib: OS Command Injection in NodejsFunction Bundling...
Exploit for CVE-2026-11417
CVE-2026-11417-AWS-CDK-RCE Techn...
Command Injection
Overview aws-cdk-lib is a Version 2 of the AWS Cloud Development Kit library Affected versions of this package are vulnerable to Command Injection via the NodejsFunction local bundling pipeline, when an attacker controls the value of one or more of the properties externalModules, define, loader,...
PT-2026-48489
Name of the Vulnerable Software and Affected Versions aws-cdk-lib versions prior to 2.245.0 aws-cdk-lib versions prior to 2.246.0 Windows Description OS command injection exists in the NodejsFunction local bundling pipeline. An actor who controls the value of one or more bundling...
AWS Cloud Development Kit 操作系统命令注入漏洞
AWS Cloud Development Kit is an open-source software development framework developed by Amazon Web Services. It is used to define cloud infrastructure in code and configure it using AWS CloudFormation. Versions of the AWS Cloud Development Kit prior to 2.245.0 contained a vulnerability related to...