GHSA-QJ85-69XF-2VXQ AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template

Summary The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built component...

CVE-2024-45037

The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...

PT-2024-31387 · Amazon · Aws Cloud Development Kit

Name of the Vulnerable Software and Affected Versions: AWS Cloud Development Kit CDK versions 2.142.0 through 2.148.0 Description: The issue in AWS Cloud Development Kit CDK can result in granting authenticated Amazon Cognito users broader than intended access. Specifically, if a CDK application...

CVE-2019-5295

Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125C00E125R2P14T8 have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This...

CVE-2019-5295

Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125C00E125R2P14T8 have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This...