Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Amazon Subscribe
Filtered by product Aws Sdk For Javascipt
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-28472 1 Amazon 2 Aws Sdk For Javascipt, Aws Shared Configuration File Loader 2021-01-28 7.5 HIGH 9.8 CRITICAL
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context.