4 matches found
CVE-2022-2582
The CVE-2022-2582 issue concerns the AWS S3 Crypto SDK (Go) sending an unencrypted hash of the plaintext as a metadata field alongside ciphertext. This could enable brute‑force of the plaintext if readable. AWS has since blocks this field in newer SDKs; older versions still send it. Mitigation: u...
CVE-2022-4725
The CVE-2022-4725 entry concerns the AWS Android SDK core’s XML Parser, specifically the XpathUtils.java function. It enables server-side request forgery (SSRF) due to its manipulation, affecting the XpathUtils component. The issue is fixed by upgrading from version 2.59.0 to 2.59.1; the patch id...
CVE-2023-51651
The CVE-2023-51651 issue affects AWS SDK for PHP (v3) prior to 3.288.1. The vulnerability resides in the RestSerializer’s buildEndpoint, which relies on Guzzle Psr7 UriResolver that strips dot segments per RFC 3986. Under certain conditions, this can lead to a path traversal in S3 object key pref...
CVE-2018-19981
CVE-2018-19981 : The AWS SDK for Android (versions