VulnerableCode Package Details - pkg:maven/com.amazonaws/aws-encryption-sdk-java@2.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-9bkd-bytp-97b9 Aliases: GHSA-gvc7-gjrw-hj65	Duplicate Advisory: Improper Verification of Cryptographic Signature in aws-encryption-sdk-java	2.2.0 Affected by 0 other vulnerabilities.
VCID-zd4q-r197-hbe5 Aliases: CVE-2024-23680 GHSA-55xh-53m6-936r GMS-2021-60	AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.	2.2.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-9bkd-bytp-97b9
Aliases:
GHSA-gvc7-gjrw-hj65

Duplicate Advisory: Improper Verification of Cryptographic Signature in aws-encryption-sdk-java

2.2.0
Affected by 0 other vulnerabilities.

VCID-zd4q-r197-hbe5
Aliases:
CVE-2024-23680
GHSA-55xh-53m6-936r
GMS-2021-60

AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.

2.2.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-hj1a-4jk7-dkd5	A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique cyphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to 2.0.0 or later.	CVE-2020-8897 GHSA-wqgp-vphw-hphf PYSEC-2020-261

Vulnerability

Summary

Aliases

VCID-hj1a-4jk7-dkd5

A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique cyphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to 2.0.0 or later.

CVE-2020-8897
GHSA-wqgp-vphw-hphf
PYSEC-2020-261

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T06:24:37.988119+00:00	GHSA Importer	Fixing	VCID-hj1a-4jk7-dkd5	https://github.com/advisories/GHSA-wqgp-vphw-hphf	38.6.0
2026-06-13T06:23:33.799299+00:00	GHSA Importer	Affected by	VCID-zd4q-r197-hbe5	https://github.com/advisories/GHSA-55xh-53m6-936r	38.6.0
2026-06-12T17:42:03.288328+00:00	GitLab Importer	Affected by	VCID-zd4q-r197-hbe5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.amazonaws/aws-encryption-sdk-java/CVE-2024-23680.yml	38.6.0
2026-06-12T15:47:56.028656+00:00	GitLab Importer	Affected by	VCID-9bkd-bytp-97b9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.amazonaws/aws-encryption-sdk-java/GHSA-gvc7-gjrw-hj65.yml	38.6.0
2026-06-12T15:42:30.248898+00:00	GitLab Importer	Fixing	VCID-hj1a-4jk7-dkd5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.amazonaws/aws-encryption-sdk-java/CVE-2020-8897.yml	38.6.0
2026-06-12T08:02:49.122180+00:00	GithubOSV Importer	Fixing	VCID-hj1a-4jk7-dkd5	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-wqgp-vphw-hphf/GHSA-wqgp-vphw-hphf.json	38.6.0
2026-06-11T20:33:37.792956+00:00	GHSA Importer	Affected by	VCID-9bkd-bytp-97b9	https://github.com/advisories/GHSA-gvc7-gjrw-hj65	38.6.0