Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-4725

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.

Published

2022-12-27T15:15:12.130

Last Modified

2024-11-21T07:35:49.017

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	amazon	aws_software_development_kit	< 2.59.1	Yes

References

https://github.com/aws-amplify/aws-sdk-android/commit/c3e6d69422e1f0c80fe53f2d757b8df97619af2b Patch, Third Party Advisory ([email protected])
https://github.com/aws-amplify/aws-sdk-android/pull/3100 Patch, Third Party Advisory ([email protected])
https://github.com/aws-amplify/aws-sdk-android/releases/tag/release_v2.59.1 Release Notes, Third Party Advisory ([email protected])
https://vuldb.com/?id.216737 Third Party Advisory ([email protected])
https://github.com/aws-amplify/aws-sdk-android/commit/c3e6d69422e1f0c80fe53f2d757b8df97619af2b Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/aws-amplify/aws-sdk-android/pull/3100 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/aws-amplify/aws-sdk-android/releases/tag/release_v2.59.1 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://vuldb.com/?id.216737 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)