Aws Software Development Kit@* Security Vulnerabilities and Issues — Aws Software Development Kit@* CVE List

Lucene search

AmazonAws Software Development Kit*

4 matches found

CVE•added 2022/12/27 10:15 p.m.•250 views

CVE-2022-2582

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.

4.3CVSS4.3AI score0.0005EPSS

CVE•added 2022/12/27 3:15 p.m.•92 views

CVE-2022-4725

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to v...

9.8CVSS7.5AI score0.00064EPSS

CVE•added 2019/04/04 3:29 p.m.•51 views

CVE-2018-19981

Amazon AWS SDK

9CVSS6.8AI score0.00666EPSS

CVE•added 2023/12/22 9:15 p.m.•45 views

CVE-2023-51651

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK for...

6CVSS4.9AI score0.00107EPSS