github.com/aws/aws-sdk-go
Go3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/aws/aws-sdk-gopage 1 of 1
- CVE-2020-8911MEDIUMCVSS 5.6EG 5.62020-08-11
A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has…
- CVE-2020-8912LOWCVSS 2.5EG 2.52020-08-11
A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can …
- CVE-2022-2582MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.34.02022-12-27
The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field,…
Check whether github.com/aws/aws-sdk-go is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/aws/aws-sdk-go CVEs against the assets you own.
Start Free Scan →