dynamodb-encryption-sdk@1.0.3 vulnerabilities
DynamoDB Encryption Client for Python
-
latest version
3.2.0
-
latest non vulnerable version
-
first published
6 years ago
-
latest version published
a year ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the dynamodb-encryption-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
dynamodb-encryption-sdk is a DynamoDB Encryption Client for Python Affected versions of this package are vulnerable to Improper Authorization such that when key usage permissions are changed at the key provider, time-based key reauthorization logic in MostRecentProvider do not reauthorize the use of the key. This creates the potential for keys to be used in the DynamoDB Encryption Client after permissions to do so were revoked at the key provider. How to fix Improper Authorization? Upgrade |
[0,1.3.0)
|
dynamodb-encryption-sdk is a DynamoDB Encryption Client for Python Affected versions of this package are vulnerable to Improper Authorization. This concerns users of When key usage permissions are changed at the key provider, time-based key reauthorization logic in Workarounds:Users who cannot upgrade to use the How to fix Improper Authorization? Upgrade |
[,1.3.0)
|