Amazon Aws Software Development Kit


By the Year

In 2024 there have been 0 vulnerabilities in Amazon Aws Software Development Kit. Last year Aws Software Development Kit had 1 security vulnerability published. Right now, Aws Software Development Kit is on track to have fewer security vulnerabilities in 2024 than it did last year.

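| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 3.30 |
| 2022 | 2 | 7.05 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 7.20 |
| 2018 | 0 | 0.00 |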

It may take a day or so for new Aws Software Development Kit vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Amazon Aws Software Development Kit Security Vulnerabilities

AWS SDK for PHP is the Amazon Web Services software development kit for PHP

CVE-2023-51651 3.3 - Low - December 22, 2023

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1.

Directory traversal

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field

CVE-2022-2582 4.3 - Medium - December 27, 2022

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.

Inadequate Encryption Strength

A vulnerability was found in AWS SDK 2.59.0

CVE-2022-4725 9.8 - Critical - December 27, 2022

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 addresses this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.

XSPA

Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service

CVE-2018-19981 7.2 - High - April 04, 2019

Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit this vulnerability (i.e. the device has been compromised, such as by disabling or bypassing Android's fundamental security mechanisms).

Cleartext Storage of Sensitive Information
