VulnerableCode Package Details - pkg:pypi/aws-encryption-sdk@1.3.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/aws-encryption-sdk@1.3.0

Essentials
History (1)

purl	pkg:pypi/aws-encryption-sdk@1.3.0

Next non-vulnerable version	2.0.0
Latest non-vulnerable version	2.0.0
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-6szz-puzq-67bx Aliases: CVE-2020-8897 GHSA-wqgp-vphw-hphf PYSEC-2020-261	A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique cyphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to 2.0.0 or later.	2.0.0 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:07:56.055820+00:00	Pypa Importer	Affected by	VCID-6szz-puzq-67bx	https://github.com/pypa/advisory-database/blob/main/vulns/aws-encryption-sdk/PYSEC-2020-261.yaml	38.6.0