37 matches found
Command Injection
Overview aws-cdk-lib is a Version 2 of the AWS Cloud Development Kit library Affected versions of this package are vulnerable to Command Injection via the NodejsFunction local bundling pipeline, when an attacker controls the value of one or more of the properties externalModules, define, loader,...
CVE-2026-11417
OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow an actor who controls the value of one or more bundling properties externalModules, define, loader, inject, or esbuildArgs to execute arbitrary commands on the host...
CVE-2026-11417 OS Command Injection in NodejsFunction Bundling in aws-cdk-lib
OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow an actor who controls the value of one or more bundling properties externalModules, define, loader, inject, or esbuildArgs to execute arbitrary commands on the host...
PT-2026-48489
Name of the Vulnerable Software and Affected Versions aws-cdk-lib versions prior to 2.245.0 aws-cdk-lib versions prior to 2.246.0 Windows Description OS command injection exists in the NodejsFunction local bundling pipeline. An actor who controls the value of one or more bundling...
EUVD-2025-10958
Malicious code in bioql PyPI...
EUVD-2025-7905
Malicious code in bioql PyPI...
EUVD-2025-9050
Malicious code in bioql PyPI...
CVE-2023-35165
AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages aws-cdk-lib 2.0.0 until 2.80.0 and @aws-cdk/aws-eks 1.57.0 until 1.202.0, eks.Cluster and eks.FargateCluster...
Incorrect Execution-Assigned Permissions
aws-cdk-lib is vulnerable to Incorrect Execution-Assigned Permissions. The vulnerability is due to unexpected Aspect execution order due to the introduction of a new priority system that overrides hierarchical aspect evaluation, potentially leading to incorrect permissions boundaries being assign...
aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role
Summary The AWS Cloud Development Kit AWS CDK is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...
Overly Permissive Authorization
aws-cdk-lib is vulnerable to Overly Permissive Authorization. The vulnerability is due to the CDK Construct Library automatically generating an overly permissive AWS IAM trust policy, which allows any user with unrestricted sts:AssumeRole permissions to assume the role...
aws-cdk-lib has Insertion of Sensitive Information into Log File vulnerability when using Cognito UserPoolClient Construct
Summary The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built component...
GHSA-QQ4X-C6H6-RFXH aws-cdk-lib has Insertion of Sensitive Information into Log File vulnerability when using Cognito UserPoolClient Construct
Summary The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built component...
@aligent/cdk-esbuild (=2.1.0), @aligent/cdk-graphql-mesh-server (>=2.2.0 <=2.17.0) +262 more potentially affected by unknown CVE via aws-cdk-lib (>=2.0.0-alpha.4 <=2.188.0)
aws-cdk-lib NPM version =2.0.0-alpha.4, =2.2.0, =2.3.7, =2.1.0, =2.1.0, =2.0.0-beta, =5.0.31-acdk-upgrade-2-129.0, =2.16.0-acdk-upgrade-2-129.0, =5.0.31-acdk-upgrade-2-129.0, =3.7.10-acdk-upgrade-2-129.0, =3.1.19-acdk-upgrade-2-129.0, =5.7.5-acdk-upgrade-2-129.0, =3.5.10-acdk-upgrade-2-129.0,...
AWS CDK CodePipeline: trusted entities are too broad
Summary The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Users use it to create their own applications, which are converted to AWS CloudFormation templates during deployment to a user's AWS account. AWS CDK contains pre-built components...
GHSA-5PQ3-H73F-66HR AWS CDK CodePipeline: trusted entities are too broad
Summary The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Users use it to create their own applications, which are converted to AWS CloudFormation templates during deployment to a user's AWS account. AWS CDK contains pre-built components...
CVE-2025-2598
When the AWS Cloud Development Kit AWS CDK Command Line Interface AWS CDK CLI is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178....
AWS CDK CLI prints AWS credentials retrieved by custom credential plugins
Summary The AWS Cloud Development Kit AWS CDK 1 is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. The AWS CDK CLI 2 is a command line tool for interacting with CDK applications. Customers can use the CDK CLI ...
CVE-2025-2598
When the AWS Cloud Development Kit AWS CDK Command Line Interface AWS CDK CLI is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178....
CVE-2025-2598
When the AWS Cloud Development Kit AWS CDK Command Line Interface AWS CDK CLI is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178....