Malicious code in @antoncallahan/aws-user-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f93a70eff01af53e3710dab5d23b991b7255e6236bc2db796097bb35ace98a6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5101 Malicious code in @antoncallahan/aws-user-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f93a70eff01af53e3710dab5d23b991b7255e6236bc2db796097bb35ace98a6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-28056

CVE-2024-28056 affects Amazon AWS Amplify CLI versions before 12.10.1. The issue arises when the Authentication component is removed from an Amplify project, which leaves the policy in an IAM role with “Effect”: “Allow” but without the Condition, enabling sts:AssumeRoleWithWebIdentity to be usabl...

GoCD: Open S3 Bucket Accessible by any Aws User

Description: It has been observed that the amazon s3 bucket which i believe belongs to GoCD as it contains data related to GoCD █████ documents and all is misconfigured as a result any unauthenticated users can access it without any restrictions Step-by-step Reproduction Instructions 1.Access...

Ruby: Open S3 Bucket WriteAble To Any Aws User

Hi All, I know that http://rubyci.s3.amazonaws.com is used for file uploads on reports and so when i open your s3 bucket i able see all of your public/private files i already see you fix this vulnerability but it not completely fixed root@injector: aws s3 ls s3://rubyci PRE aix71ppc/ PRE amazon/...

Shopify: S3 Buckets open to the world thanks to 'Authenticated Users' ACL

Some of Shopify's Amazon S3 buckets were inadvertently left with "Any Authenticated AWS User" read or write permissions, allowing users outside of Shopify to access the buckets. The excess permissions have been removed...