GHSA-443w-3rq3-5m5h: AWS SDK for Java 2.0: Improper Handling of Special Characters in CloudFront Signing Utilities
This notification is related to the CloudFront signing utilities in the AWS SDK for Java v2, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and backslashes, in input values.
References
- docs.aws.amazon.com/sdk-for-java/latest/developer-guide/security.html
- github.com/advisories/GHSA-443w-3rq3-5m5h
- github.com/aws/aws-sdk-java-v2
- github.com/aws/aws-sdk-java-v2/blob/master/services/cloudfront/src/main/java/software/amazon/awssdk/services/cloudfront/CloudFrontUtilities.java
- github.com/aws/aws-sdk-java-v2/security/advisories/GHSA-443w-3rq3-5m5h
Code Behaviors & Features
Detect and mitigate GHSA-443w-3rq3-5m5h with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →