GHSA-rjc6-vm4h-85cg: Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs

September 11, 2024

The AWS Serverless Application Model (SAM) CLI is an open source tool that allows customers to build, deploy and test their serverless applications built on AWS. AWS SAM CLI can build container (Docker) images and customers can specify arguments in the SAM template that are passed to the Docker engine during build [1].

References

github.com/advisories/GHSA-rjc6-vm4h-85cg
github.com/aws/aws-sam-cli
github.com/aws/aws-sam-cli/security/advisories/GHSA-rjc6-vm4h-85cg

Code Behaviors & Features

Detect and mitigate GHSA-rjc6-vm4h-85cg with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →