16 matches found
EUVD-2025-8754
Malicious code in bioql PyPI...
EUVD-2025-8753
Malicious code in bioql PyPI...
Unauthorized File Access
aws-sam-cli is vulnerable to Unauthorized File Access. The vulnerability is due to insecure symlink resolution during the build process, which causes the contents of symlinks to be copied into the local workspace cache as regular files, allowing an attacker to access restricted files...
AWS SAM CLI < 1.133.0 multiple vulnerabilities
The version of AWS SAM CLI installed on the remote host is prior to 1.133.0 and is, therefore, affected by multiple vulnerabilities:
- When running the AWS SAM CLI build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged...
AWS SAM CLI Installed (Windows)
Binary data awssamcliwindetect.nbin...
CVE-2025-3048
After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which includes symlinks, the content of those symlinks is copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outsid...
AWS SAM CLI Path Traversal allows file copy to local cache
Summary: The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker. After completing a build with AWS SAM CLI which includes symlinks, the content o...
GHSA-PP64-WJ43-XQCR AWS SAM CLI Path Traversal allows file copy to local cache
Summary: The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker. After completing a build with AWS SAM CLI which includes symlinks, the content o...
better-lambda-deploy (>=0.0.4 <=0.6.9), localambda (=0.0.1) +1 more potentially affected by CVE-2025-3047 via aws-sam-cli (>=0.17.0 <=1.12.0)
aws-sam-cli PYPI version =0.17.0, =0.0.4, =0.0.7, =0.0.12 Source cves: CVE-2025-3047 Source advisory: OSV:GHSA-PX37-JPQX-97Q9...
GHSA-PX37-JPQX-97Q9 AWS SAM CLI Path Traversal allows file copy to build container
Summary: The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker. When running the AWS SAM CLI build process with Docker and symlinks are include...
CVE-2025-3048 Path Traversal in AWS SAM CLI allows file copy to local cache
After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which includes symlinks, the content of those symlinks is copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outsid...
CVE-2025-3048 Path Traversal in AWS SAM CLI allows file copy to local cache
After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which includes symlinks, the content of those symlinks is copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outsid...
CVE-2025-3047 Path Traversal in AWS SAM CLI allows file copy to build container
When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A use...
CVE-2025-3047 Path Traversal in AWS SAM CLI allows file copy to build container
When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A use...
Argument Injection
aws-sam-cli is vulnerable to Argument Injection. The vulnerability is due to the ability for users to specify arguments in the SAM template that are passed to the Docker engine during the build, potentially leading to malicious code execution...
GHSA-RJC6-VM4H-85CG Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs
Summary: The AWS Serverless Application Model (SAM) CLI is an open source tool that allows customers to build, deploy and test their serverless applications built on AWS. AWS SAM CLI can build container (Docker) images and customers can specify arguments in the SAM template that are passed to the Dock...