GHSA-2xwp-m7mq-7q3r
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2xwp-m7mq-7q3r
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/10/GHSA-2xwp-m7mq-7q3r/GHSA-2xwp-m7mq-7q3r.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-2xwp-m7mq-7q3r
- Published
- 2020-10-28T17:05:38Z
- Modified
- 2024-12-02T05:50:42.319494Z
- Summary
- CLI does not correctly implement strict mode
- Details
-
In the affected versions, the AWS Encryption CLI operated in "discovery mode" even when "strict mode" was specified. Although decryption only succeeded if the user had permission to decrypt with at least one of the CMKs, decryption could be successful using a CMK that was not included in the user-defined set when the CLI was operating in "strict mode."
Affected users should upgrade to Encryption CLI v1.8.x or v2.1.x as soon as possible.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-326" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2020-10-28T17:04:54Z" }- References
Affected packages
PyPI / aws-encryption-sdk-cli
Package
- Name
- aws-encryption-sdk-cli
- View open source insights on deps.dev
- Purl
- pkg:pypi/aws-encryption-sdk-cli
PyPI / aws-encryption-sdk-cli
Package
- Name
- aws-encryption-sdk-cli
- View open source insights on deps.dev
- Purl
- pkg:pypi/aws-encryption-sdk-cli