44 matches found
CVE-2025-23206
The AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow...
CVE-2023-50253
Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which...
EUVD-2023-55068
Malicious code in bioql PyPI...
EUVD-2024-2637
Malicious code in bioql PyPI...
EUVD-2025-0113
Malicious code in bioql PyPI...
EUVD-2025-7239
Malicious code in bioql PyPI...
EUVD-2023-1884
Malicious code in bioql PyPI...
Coder 代码问题漏洞
Coder is an application from Coder Inc. that allows for the setup of development environments in public or private cloud infrastructures. A code issue vulnerability exists in Coder versions 2.24.3 and earlier and 2.25.0 through 2.25.1, which stems from mishandling of sessions and could lead to...
CVE-2024-45037
The AWS Cloud Development Kit CDK is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer’s AWS account. CDK contains pre-built components called...
GHSA-QC59-CXJ2-C2W4 aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role
Summary The AWS Cloud Development Kit AWS CDK is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...
PT-2025-19363 · Npm · Aws-Cdk-Lib
Summary The AWS Cloud Development Kit AWS CDK is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...
CVE-2025-2598
When the AWS Cloud Development Kit AWS CDK Command Line Interface AWS CDK CLI is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178....
@aws-cdk/integ-runner (>=2.172.0-alpha.0 <=2.178.1-alpha.0), @bifravst/http-api-mock (>=2.1.97 <=2.1.144) +4 more potentially affected by CVE-2025-2598 via aws-cdk (>=2.172.0 <=2.178.1)
aws-cdk NPM version =2.172.0, =2.172.0-alpha.0, =2.1.97, =4.3.190, =3.2.25, =2.172.0, =2.178.1 Source cves: CVE-2025-2598 Source advisory: OSV:GHSA-V63M-X9R9-8GQP...
AWS Cloud Development Kit 安全漏洞
AWS Cloud Development Kit is an open source software development framework open sourced by Amazon Web Services for defining cloud infrastructure in code and configuring it via AWS CloudFormation. A security vulnerability exists in AWS Cloud Development Kit that stems from credential information...
PT-2025-12422
Name of the Vulnerable Software and Affected Versions AWS CDK CLI versions prior to 2.178.2 Description The issue arises when the AWS CDK CLI is used with a credential plugin that returns an expiration property with the retrieved AWS credentials, causing the credentials to be printed to the conso...
AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider
Impact Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow, https://github.com/aws/aws-cdk/blob/d16482fc8a4a3e1f62751f481b770c09034df7d2/packages/%40aws-cdk/custom-resource-handlers/lib/aws-iam/oidc-handler/external.tsL34...
CVE-2025-23206 IAM OIDC custom resource allows connection to unauthorized OIDC provider in aws-cdk
The AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow...
CVE-2025-23206 IAM OIDC custom resource allows connection to unauthorized OIDC provider in aws-cdk
The AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow...
CVE-2025-23206
The CVE-2025-23206 issue affects AWS CDK (IAM OIDC custom resource workflow). The tls.connect call sets rejectUnauthorized: false, enabling potential MITM risk when downloading CA thumbprints. A patch is in progress; remediation guidance in the connected docs recommends upgrading to CDK v2.177.0 ...
AWS Cloud Development Kit 数据伪造问题漏洞
AWS Cloud Development Kit is an open source software development framework open sourced by Amazon Web Services for defining cloud infrastructure in code and configuring it via AWS CloudFormation. A data forgery vulnerability exists in AWS Cloud Development Kit, which stems from the fact that it...