Homepage
About Snyk

aws-encryption-sdk@1.10.0 vulnerabilities

AWS Encryption SDK implementation for Python

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the aws-encryption-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Inadequate Encryption Strength

aws-encryption-sdk is an AWS Encryption SDK implementation for Python

Affected versions of this package are vulnerable to Inadequate Encryption Strength. A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique cyphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting.

How to fix Inadequate Encryption Strength?

Upgrade aws-encryption-sdk to version 2.0.0 or higher.

[,2.0.0)
Go back to all versions of this package