Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in aws-sdk-s3-1.199.0.gem

Summary IBM Watson Discovery Cartridge affected by vulnerability in aws-sdk-s3-1.199.0.gem Vulnerability Details CVEID:CVE-2025-14762 DESCRIPTION: Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts ...

Amazon S3 Encryption Client for Java < 4.0.0 Key Commitment (AWS-2025-032)

The version of Amazon S3 Encryption Client for Java on the remote host is 4.0.0. It is, therefore, affected by a key commitment vulnerability as referenced in the AWS-2025-032 advisory. Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write...

GHSA-3G75-Q268-R9R6 Amazon S3 Encryption Client has a Key Commitment Issue

Summary S3 Encryption Client for Go is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamanders"...

GHSA-4V42-65R3-3GJX Amazon S3 Encryption Client for .NET has a Key Commitment Issue

Summary S3 Encryption Client for .NET S3EC is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible...

gnark 安全漏洞

gnark is a fast zk-SNARK library open-sourced by Consensys. for advanced APIs to design circuits. A security vulnerability exists in versions prior to gnark 0.11.0, which stems from the fact that the implementation of the commitment to a private witness in a Groth16 proof breaks the zero-knowledg...