aws-encryption-sdk suffers from an In-band protocol negotiation and robustness weakness. The SDK allows a unique ciphertext to be decrypted into different results due to the non-committing property of AES-GCM, and other AEAD ciphers such as AES-GCM-SIV, or (X)ChaCha20Poly1305, when encrypting messages.
CPE | Name | Operator | Version |
---|---|---|---|
aws-encryption-sdk-java | le | 1.7.0 | |
aws-encryption-sdk | le | 1.7.1 | |
@aws-crypto/client-node | le | 1.7.0 |