Aws Aws-Sdk-Php vulnerabilities

3 known vulnerabilities affecting aws/aws-sdk-php.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1, LOW 1

Vulnerabilities

CVE-2025-14761 | MEDIUM | ≥ 0, < 3.368.0 | 2025-12-18
CVE-2025-14761 [MEDIUM] CWE-327 AWS SDK for PHP's S3 Encryption Client has a Key Commitment Issue. Summary: S3 Encryption Client for PHP is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key (EDK) is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamanders" attack (https://eprint.iacr.o
Sources: ghsa, osv
CVE-2023-51651 | LOW | CVSS 3.3 | >= 3.0.0, < 3.288.1 | 2023-12-22
CVE-2023-51651 [LOW] CWE-22 AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method r
Sources: cvelistv5, ghsa, nvd, osv
CVE-2015-5723 | HIGH | ≥ 3.0.0, < 3.2.1 | 2022-05-17
CVE-2015-5723 [HIGH] Doctrine Security Misconfiguration Vulnerability. Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an app
Sources: ghsa, osv