Lucene search
K

4 matches found

OSV
OSV
added 2026/06/26 10:50 p.m.3 views

GHSA-8JGF-23Q5-X7XX ex_aws_sns: Trusted-attacker `SigningCertURL` permits complete SNS signature bypass

Summary ExAws.SNS.verifymessage/1 fetches the signing certificate from the SigningCertURL field of the incoming SNS message without validating that the URL uses HTTPS or that its host is an AWS-owned SNS certificate domain. An unauthenticated attacker who can POST to any endpoint that calls...

8.7CVSS6AI score0.00226EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-47074

Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...

8.7CVSS5.5AI score0.00226EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 9:5 a.m.16 views

EEF-CVE-2026-47074 ex_aws_sns SigningCertURL not validated in verify_message/1

Summary Improper Certificate Validation vulnerability in ex-aws ex\aws\sns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/ex\aws/sns.ex, lib/ex\aws/sns/public\key\cache.ex and program routines...

8.7CVSS6.1AI score0.00226EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44365

Name of the Vulnerable Software and Affected Versions ex aws sns versions 2.0.1 through 2.3.4 Description Improper Certificate Validation in the ExAws.SNS and ExAws.SNS.PublicKeyCache modules allows for signature spoofing. The function verify message fetches the signing certificate from the...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References10
Rows per page
Query Builder