40 matches found
core-aws (>=1.1.0 <=1.3.0), mind-castle (=0.4.7) potentially affected by CVE-2026-6550 via aws-encryption-sdk (>=4.0.0 <=4.0.3)
aws-encryption-sdk PYPI version =4.0.0, =1.1.0, =1.3.0 - mind-castle =0.4.7 Source cves: CVE-2026-6550 Source advisory: OSV:GHSA-V638-38FC-RHFV...
aws-encryption-sdk-cli (>=2.1.0 <=3.1.0), cloudformation-cli-python-lib (>=2.1.9 <=2.1.16) +4 more potentially affected by CVE-2026-6550 via aws-encryption-sdk (>=2.0.0 <=3.3.0)
aws-encryption-sdk PYPI version =2.0.0, =2.1.0, =2.1.9, =1.0.0, =1.0.1, =0.4.8, =25.11.0, =25.14.1 Source cves: CVE-2026-6550 Source advisory: OSV:GHSA-V638-38FC-RHFV...
AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache
Summary AWS Encryption SDK ESDK for Python is a client-side encryption library. An issue exists where, under certain circumstances, a specific cryptographic algorithm downgrade in the caching layer might allow an authenticated local threat actor to bypass key commitment policy enforcement via a...
cloudformation-cli-python-lib (>=2.1.12 <=2.1.16), core-aws (>=1.0.0 <=1.0.4) +3 more potentially affected by CVE-2026-6550 via aws-encryption-sdk (>=3.1.0 <=3.3.0)
aws-encryption-sdk PYPI version =3.1.0, =2.1.12, =1.0.0, =1.0.1, =0.4.8, =25.11.0, =25.14.1 Source cves: CVE-2026-6550 Source advisory: SNYK:PYTHON-AWSENCRYPTIONSDK-16115497...
core-aws (>=1.1.0 <=1.3.0), mind-castle (=0.4.7) potentially affected by CVE-2026-6550 via aws-encryption-sdk (>=4.0.0 <=4.0.3)
aws-encryption-sdk PYPI version =4.0.0, =1.1.0, =1.3.0 - mind-castle =0.4.7 Source cves: CVE-2026-6550 Source advisory: SNYK:PYTHON-AWSENCRYPTIONSDK-16115497...
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Overview aws-encryption-sdk is an AWS Encryption SDK implementation for Python Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' via the shared key cache. An attacker can bypass key commitment policy enforcement by...
CVE-2026-6550
The vulnerability CVE-2026-6550 affects the AWS Encryption SDK for Python in its caching layer. A cryptographic downgrade in the key cache could allow an authenticated local actor to bypass key commitment policy enforcement, enabling ciphertext to be decrypted into multiple possible plaintexts. A...
AWS VDP: V2Plugin.Decrypt panics on empty ciphertext (Remote DoS)
A vulnerability was discovered in the "aws-encryption-provider" component where the "V2Plugin.Decrypt" function accessed the ciphertext slice without checking if it was empty, leading to a panic and crashing the entire gRPC server process...
AWS VDP: V1Plugin.Decrypt panics on empty ciphertext (Remote DoS)
A vulnerability was discovered in the aws-encryption-provider component of the pkg/plugin/plugin.go file at revision 4341c70. The vulnerability caused the V1Plugin.Decrypt function to panic when passed an empty ciphertext, crashing the entire gRPC server process. This was due to the function...
EUVD-2020-0050
Malware in sbrugna...
cn.jarkata:jarkata-encrypt (=1.0.0), cn.ponfee:commons-core (>=1.1 <=1.4) +242 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-ext-jdk18on (>=1.71 <=1.77)
org.bouncycastle:bcprov-ext-jdk18on MAVEN version =1.71, =1.1, =2.4.1, =3.0.0 - com.clever-cloud.pulsar4s:pulsar4s-akka-streams2.12 =2.9.1 - com.clever-cloud.pulsar4s:pulsar4s-akka-streams2.13 =2.9.1 - com.clever-cloud.pulsar4s:pulsar4s-akka-streams3 =2.9.1 -...
CVE-2024-23680
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures...
CVE-2020-8897
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM and other AEAD ciphers such as AES-GCM-SIV or XChaCha20Poly1305 used by the SDKs to encrypt messages, an attacker can craft a...
Unable to encrypt Identity disk on AWS when using encrypted master image
The AMI was created using an encrypted instance\snapshot. However, the MCS machines appear with identity disk "Not encrypted"...
Duplicate Advisory: Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-55xh-53m6-936r. This link is maintained to preserve external references. Original Description AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA...
Code injection
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures...
CVE-2024-23680 AWS Encryption SDK for Java Improper Verification of Cryptographic Signature
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures...
CVE-2024-23680 AWS Encryption SDK for Java Improper Verification of Cryptographic Signature
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures...
Malicious code in aws-encryption-sdk-javascript (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ded7612b942b1e3da52d4dfc7abcb64d6ad4bd30d80fac04815238838f9f4763 The OpenSSF Package Analysis project identified 'aws-encryption-sdk-javascript' @ 23.0.0 npm as malicious. It is considered malicious because: -...
MAL-2023-7919 Malicious code in aws-encryption-sdk-javascript (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ded7612b942b1e3da52d4dfc7abcb64d6ad4bd30d80fac04815238838f9f4763 The OpenSSF Package Analysis project identified 'aws-encryption-sdk-javascript' @ 23.0.0 npm as malicious. It is considered malicious because: -...