aws-sam-cli@1.33.0 vulnerabilities

AWS SAM CLI is a CLI tool for local development and testing of Serverless applications

Direct Vulnerabilities

Known vulnerabilities in the aws-sam-cli package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Insertion of Sensitive Information Into Log File

aws-sam-cli is an AWS SAM CLI is a CLI tool for local development and testing of Serverless applications

Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Log File through the DockerBuildArgs parameter, which allows an attacker to view sensitive data in clear text by accessing STDERR in the AWS SAM CLI output during the sam build command execution.

How to fix Insertion of Sensitive Information Into Log File?

Upgrade aws-sam-cli to version 1.122.0 or higher.

[,1.122.0)
  • L
Race Condition

aws-sam-cli is an AWS SAM CLI is a CLI tool for local development and testing of Serverless applications

Affected versions of this package are vulnerable to Race Condition on function update.

How to fix Race Condition?

Upgrade aws-sam-cli to version 1.51.0 or higher.

[,1.51.0)