Aws Sdk For Javascipt Security Vulnerabilities and Issues — Aws Sdk For Javascipt CVE List

Lucene search

AmazonAws Sdk For Javascipt

3 matches found

CVE•added 2022/12/27 3:15 p.m.•92 views

CVE-2022-4725

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to v...

9.8CVSS7.5AI score0.00064EPSS

CVE•added 2020/11/16 12:15 p.m.•85 views

CVE-2020-8897

A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft...

8.1CVSS6.2AI score0.00092EPSS

CVE•added 2021/01/19 11:15 a.m.•81 views

CVE-2020-28472

This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further...

9.8CVSS8.3AI score0.01661EPSS