Amazon AWS Software Development Kit vulnerabilities

4 known vulnerabilities affecting amazon/aws_software_development_kit.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1, LOW 1

Vulnerabilities

CVE-2023-51651 | LOW | CVSS 3.3 | fixed in 3.288.1 | 2023-12-22
CWE-22: AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method r
nvd
CVE-2022-4725 | CRITICAL | CVSS 9.8 | fixed in 2.59.1 | 2022-12-27
CWE-918: A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The nam
nvd
CVE-2022-2582 | MEDIUM | CVSS 4.3 | fixed in 1.34.0 | 2022-12-27
CWE-326: The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.
nvd
CVE-2018-19981 | HIGH | CVSS 7.2 | ≤ 2.8.5 | 2019-04-04
CWE-312: Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege access to the Android filesystem in order to exploit t
nvd