Lookup for vulnerable packages by Package URL.

Purl pkg:composer/aws/aws-sdk-php@3.224.3
Type composer
Namespace aws
Name aws-sdk-php
Version 3.224.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.371.4
Latest_non_vulnerable_version 3.371.4
Affected_by_vulnerabilities
0
url VCID-3zv1-bxdy-tudm
vulnerability_id VCID-3zv1-bxdy-tudm
summary
Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record.

To mitigate this issue, upgrade AWS SDK for PHP to version 3.368.0 or later.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14761
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04288
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14761
1
reference_url https://aws.amazon.com/security/security-bulletins/AWS-2025-032
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://aws.amazon.com/security/security-bulletins/AWS-2025-032
2
reference_url https://github.com/aws/aws-sdk-php
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-php
3
reference_url https://github.com/aws/aws-sdk-php/commit/6827cac70397dca07e6e86f7cf630954ec2bc6bf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-php/commit/6827cac70397dca07e6e86f7cf630954ec2bc6bf
4
reference_url https://github.com/aws/aws-sdk-php/releases/tag/3.368.0
reference_id 3.368.0
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T20:36:01Z/
url https://github.com/aws/aws-sdk-php/releases/tag/3.368.0
5
reference_url https://aws.amazon.com/security/security-bulletins/AWS-2025-032/
reference_id AWS-2025-032
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T20:36:01Z/
url https://aws.amazon.com/security/security-bulletins/AWS-2025-032/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14761
reference_id CVE-2025-14761
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14761
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2025-14761.yaml
reference_id CVE-2025-14761.YAML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2025-14761.yaml
8
reference_url https://github.com/advisories/GHSA-x8cp-jf6f-r4xh
reference_id GHSA-x8cp-jf6f-r4xh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x8cp-jf6f-r4xh
9
reference_url https://github.com/aws/aws-sdk-php/security/advisories/GHSA-x8cp-jf6f-r4xh
reference_id GHSA-x8cp-jf6f-r4xh
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T20:36:01Z/
url https://github.com/aws/aws-sdk-php/security/advisories/GHSA-x8cp-jf6f-r4xh
fixed_packages
0
url pkg:composer/aws/aws-sdk-php@3.368.0
purl pkg:composer/aws/aws-sdk-php@3.368.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4bky-c16h-6kfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/aws/aws-sdk-php@3.368.0
aliases CVE-2025-14761, GHSA-x8cp-jf6f-r4xh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3zv1-bxdy-tudm
1
url VCID-4bky-c16h-6kfs
vulnerability_id VCID-4bky-c16h-6kfs
summary
AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters
### Summary

This notification is related to the [CloudFront signing utilities](https://github.com/aws/aws-sdk-php/blob/master/src/CloudFront/Signer.php) in the AWS SDK for PHP, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and backslashes, in input values.

### Impact

The CloudFront signing utilities build policy documents that define access restrictions for signed URLs and cookies. If an application passes unsanitized input containing special characters to these utilities, the resulting policy document may not reflect the application's intended access restrictions. While the SDK was functioning safely within the requirements of the shared responsibility model, additional safeguards have been added to support secure customer implementations. Applications that already follow AWS security best practices for input validation are not impacted.

### Impacted versions: 3.11.7 - 3.371.3

### Patches

On 3/3/2026, an enhancement was made to the AWS SDK for PHP version 3.371.4. The enhancement ensures that special characters in input values are correctly handled. It is recommended to upgrade to the latest version.

### Workarounds

No workarounds are needed, but customers should ensure that the application is following security best practices:

- Implement proper input validation in application code before passing values to CloudFront signing utilities
- Update to the latest AWS SDK release on a regular basis
- Follow AWS security best practices for SDK configuration

### References

For any questions or comments about this advisory, it is recommended to contact AWS Security via the [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.

### Acknowledgement

The Amazon Inspector Security Research team is thanked for identifying this issue and working through the coordinated process.
references
0
reference_url https://github.com/aws/aws-sdk-php
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-php
1
reference_url https://github.com/aws/aws-sdk-php/blob/master/src/CloudFront/Signer.php
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-php/blob/master/src/CloudFront/Signer.php
2
reference_url https://github.com/aws/aws-sdk-php/releases/tag/3.371.4
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-php/releases/tag/3.371.4
3
reference_url https://github.com/aws/aws-sdk-php/security/advisories/GHSA-27qh-8cxx-2cr5
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-php/security/advisories/GHSA-27qh-8cxx-2cr5
4
reference_url https://github.com/advisories/GHSA-27qh-8cxx-2cr5
reference_id GHSA-27qh-8cxx-2cr5
reference_type
scores
url https://github.com/advisories/GHSA-27qh-8cxx-2cr5
fixed_packages
0
url pkg:composer/aws/aws-sdk-php@3.371.4
purl pkg:composer/aws/aws-sdk-php@3.371.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/aws/aws-sdk-php@3.371.4
aliases GHSA-27qh-8cxx-2cr5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4bky-c16h-6kfs
2
url VCID-gw1n-hk2u-4yes
vulnerability_id VCID-gw1n-hk2u-4yes
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-51651
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.28909
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-51651
1
reference_url https://github.com/aws/aws-sdk-php
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-php
2
reference_url https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-php/commit/aebc9f801438746ac4ade327551576cb75f635f2
3
reference_url https://github.com/aws/aws-sdk-php/releases/tag/3.288.1
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-php/releases/tag/3.288.1
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2023-51651.yaml
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2023-51651.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-51651
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-51651
6
reference_url https://github.com/advisories/GHSA-557v-xcg6-rm5m
reference_id GHSA-557v-xcg6-rm5m
reference_type
scores
url https://github.com/advisories/GHSA-557v-xcg6-rm5m
7
reference_url https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m
reference_id GHSA-557v-xcg6-rm5m
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m
fixed_packages
0
url pkg:composer/aws/aws-sdk-php@3.288.1
purl pkg:composer/aws/aws-sdk-php@3.288.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3zv1-bxdy-tudm
1
vulnerability VCID-4bky-c16h-6kfs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/aws/aws-sdk-php@3.288.1
aliases CVE-2023-51651, GHSA-557v-xcg6-rm5m
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gw1n-hk2u-4yes
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/aws/aws-sdk-php@3.224.3