com.amazonaws:aws-encryption-sdk-java

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting com.amazonaws:aws-encryption-sdk-javapage 1 of 1

CVE-2020-8897MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.0.0
2020-11-16
vulnerable: 0.0.1 ... 1.9.2 (19 versions)
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305)…
CVE-2024-23680MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.2.0
2024-01-19
vulnerable: 2.0.0
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.

Check whether com.amazonaws:aws-encryption-sdk-java is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for com.amazonaws:aws-encryption-sdk-java CVEs against the assets you own.

Start Free Scan →