33 matches found
EUVD-2025-7905
Malicious code in bioql PyPI...
EUVD-2025-9050
Malicious code in bioql PyPI...
EUVD-2025-10958
Malicious code in bioql PyPI...
CVE-2023-35165
AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages aws-cdk-lib 2.0.0 until 2.80.0 and @aws-cdk/aws-eks 1.57.0 until 1.202.0, eks.Cluster and eks.FargateCluster...
Incorrect Execution-Assigned Permissions
aws-cdk-lib is vulnerable to Incorrect Execution-Assigned Permissions. The vulnerability is due to unexpected Aspect execution order due to the introduction of a new priority system that overrides hierarchical aspect evaluation, potentially leading to incorrect permissions boundaries being assign...
aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role
Summary The AWS Cloud Development Kit AWS CDK is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...
Overly Permissive Authorization
aws-cdk-lib is vulnerable to Overly Permissive Authorization. The vulnerability is due to the CDK Construct Library automatically generating an overly permissive AWS IAM trust policy, which allows any user with unrestricted sts:AssumeRole permissions to assume the role...
aws-cdk-lib has Insertion of Sensitive Information into Log File vulnerability when using Cognito UserPoolClient Construct
Summary The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built component...
GHSA-QQ4X-C6H6-RFXH aws-cdk-lib has Insertion of Sensitive Information into Log File vulnerability when using Cognito UserPoolClient Construct
Summary The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built component...
AWS CDK CodePipeline: trusted entities are too broad
Summary The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Users use it to create their own applications, which are converted to AWS CloudFormation templates during deployment to a user's AWS account. AWS CDK contains pre-built components...
GHSA-5PQ3-H73F-66HR AWS CDK CodePipeline: trusted entities are too broad
Summary The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Users use it to create their own applications, which are converted to AWS CloudFormation templates during deployment to a user's AWS account. AWS CDK contains pre-built components...
@aligent/cdk-esbuild (=2.1.0), @aligent/cdk-graphql-mesh-server (>=2.2.0 <=2.17.0) +262 more potentially affected by unknown CVE via aws-cdk-lib (>=2.0.0-alpha.4 <=2.188.0)
aws-cdk-lib NPM version =2.0.0-alpha.4, =2.2.0, =2.3.7, =2.1.0, =2.1.0, =2.0.0-beta, =5.0.31-acdk-upgrade-2-129.0, =2.16.0-acdk-upgrade-2-129.0, =5.0.31-acdk-upgrade-2-129.0, =3.7.10-acdk-upgrade-2-129.0, =3.1.19-acdk-upgrade-2-129.0, =5.7.5-acdk-upgrade-2-129.0, =3.5.10-acdk-upgrade-2-129.0,...
CVE-2025-2598
When the AWS Cloud Development Kit AWS CDK Command Line Interface AWS CDK CLI is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178....
AWS CDK CLI prints AWS credentials retrieved by custom credential plugins
Summary The AWS Cloud Development Kit AWS CDK 1 is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. The AWS CDK CLI 2 is a command line tool for interacting with CDK applications. Customers can use the CDK CLI ...
CVE-2025-2598
When the AWS Cloud Development Kit AWS CDK Command Line Interface AWS CDK CLI is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178....
CVE-2025-2598
When the AWS Cloud Development Kit AWS CDK Command Line Interface AWS CDK CLI is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178....
CVE-2025-2598 AWS CDK CLI prints AWS credentials retrieved by custom credential plugins
When the AWS Cloud Development Kit AWS CDK Command Line Interface AWS CDK CLI is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178....
CVE-2025-2598 AWS CDK CLI prints AWS credentials retrieved by custom credential plugins
When the AWS Cloud Development Kit AWS CDK Command Line Interface AWS CDK CLI is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178....
CVE-2025-2598
CVE-2025-2598 (AWS CDK CLI) : When using the AWS CDK CLI with a credential plugin that returns an expiration property, credentials may be printed to console output. The issue is mitigated by upgrading to version 2.178.2 or later and patching any forked/derivative code. Public references indicate ...
GHSA-V4MQ-X674-FF73 AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider
Impact Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow, https://github.com/aws/aws-cdk/blob/d16482fc8a4a3e1f62751f481b770c09034df7d2/packages/%40aws-cdk/custom-resource-handlers/lib/aws-iam/oidc-handler/external.tsL34...