Count: 3
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-14762: Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for Ruby to version 1.208.0 or later. | CVSS3: 5.3 | 0% Low | about 2 months ago |
| CVE-2025-14762: Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for Ruby to version 1.208.0 or later. | CVSS3: 5.3 | 0% Low | about 2 months ago |
| GHSA-2xgq-q749-89fq: AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue | CVSS3: 5.3 | 0% Low | about 2 months ago |