96 matches found
CVE-2026-13762
Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue was...
PT-2026-53691
Name of the Vulnerable Software and Affected Versions Amazon CloudFront affected versions not specified Description An inconsistent interpretation of HTTP/2 requests in Amazon CloudFront when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. This occurs through...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: kube-arangodb-fips, flux, mods, drone-fips, cilium, crossplane-provider-aws-cloudtrail, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, crossplane-provider-aws-kafka-fips, trivy-fips, gh, zot, crossplane-provider-aws-ec2-fips,...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: kube-arangodb-fips, flux, mods, drone-fips, cilium, crossplane-provider-aws-cloudtrail, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, crossplane-provider-aws-kafka-fips, trivy-fips, gh, zot, crossplane-provider-aws-ec2-fips,...
PT-2026-49736
Summary On AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated reques...
terraform-aws-wafacl-golden
terraform-aws-wafacl-golden !Terraformhttps://img.shields...
CVE-2026-46597 vulnerabilities
Vulnerabilities for packages: kube-arangodb-fips, flux, mods, drone-fips, cilium, crossplane-provider-aws-cloudtrail, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, crossplane-provider-aws-kafka-fips, trivy-fips, gh, zot, crossplane-provider-aws-ec2-fips,...
CVE-2026-39834 vulnerabilities
Vulnerabilities for packages: kube-arangodb-fips, flux, mods, drone-fips, cilium, crossplane-provider-aws-cloudtrail, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, crossplane-provider-aws-kafka-fips, trivy-fips, gh, zot, crossplane-provider-aws-ec2-fips,...
PT-2026-34681
Summary Requesting a static JS/CSS resource from the astro path with an incorrect or malformed if-match header returns a 500 error with a one-year cache lifetime instead of 412 in some cases. As a result, all subsequent requests to that file — regardless of the if-match header — will be served a...
AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction
Summary This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...
Improper Encoding or Escaping of Output
Overview AWSSDK.CloudFront is an Amazon CloudFront is a content delivery web service. It integrates with other Amazon Web Services products to give developers and businesses an easy way to distribute content to end users with low latency, high data transfer speeds, and no minimum usage commitment...
GHSA-MVM6-F9R3-FGFX AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction
Summary This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...
Improper Encoding or Escaping of Output
Overview AWSSDK.Extensions.CloudFront.Signers is a package contains extension methods for creating signed URLs for Amazon CloudFront distributions and for creating signed cookies for Amazon CloudFront distributions using canned or custom policies. Affected versions of this package are vulnerable ...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the buildCannedPolicy and buildCustomPolicy functions in the CloudFront signing utilities. An attacker can alter the generated CloudFront policy document and weaken access restrictions by...
AWS SDK for Java 2.0: Improper Handling of Special Characters in CloudFront Signing Utilities
Summary This notification is related to the CloudFront signing utilities in the AWS SDK for Java v2, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes an...
GHSA-443W-3RQ3-5M5H AWS SDK for Java 2.0: Improper Handling of Special Characters in CloudFront Signing Utilities
Summary This notification is related to the CloudFront signing utilities in the AWS SDK for Java v2, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes an...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization via the CloudFront signing utilities when unsanitized input containing special characters is passed to the policy document generation process. An attacker can alter access restrictions by injecting specially...
AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters
Summary This notification is related to the CloudFront signing utilities in the AWS SDK for PHP, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...
GHSA-27QH-8CXX-2CR5 AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters
Summary This notification is related to the CloudFront signing utilities in the AWS SDK for PHP, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...
AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction
This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...