CVE-2022-4725
Published 2022-12-27
Priority P3 | 50 | critical | 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.67% (47.3th percentile)
A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| amazon | aws_software_development_kit | < 2.59.1 | 2.59.1 |
OSV
AWS SDK is vulnerable to server-side request forgery (SSRF)
osv·2022-12-27
CVE-2022-4725 [CRITICAL] AWS SDK is vulnerable to server-side request forgery (SSRF)
A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 can address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.
GHSA
AWS SDK is vulnerable to server-side request forgery (SSRF)
ghsa·2022-12-27
CVE-2022-4725 [CRITICAL] CWE-918 AWS SDK is vulnerable to server-side request forgery (SSRF)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/aws-amplify/aws-sdk-android/commit/c3e6d69422e1f0c80fe53f2d757b8df97619af2b
https://github.com/aws-amplify/aws-sdk-android/pull/3100
https://github.com/aws-amplify/aws-sdk-android/releases/tag/release_v2.59.1
https://vuldb.com/?id.216737
Published: 2022-12-27