Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/bedrock-agentcore-starter-toolkit@0.1.2
Typepypi
Namespace
Namebedrock-agentcore-starter-toolkit
Version0.1.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.1.13
Latest_non_vulnerable_version0.1.13
Affected_by_vulnerabilities
0
url VCID-teqm-7d7q-jqbc
vulnerability_id VCID-teqm-7d7q-jqbc
summary 
Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit
## Summary
An issue has been identified in the Bedrock AgentCore Starter Toolkit versions prior to v0.1.13 that may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime.


## Impact
A remote actor could inject code during the build process, leading to code execution in the AgentCore Runtime and a complete loss of confidentiality, integrity, and availability of the affected AgentCore resource.

Impacted versions:  All versions of Bedrock AgentCore Starter Toolkit versions before v0.1.13. This issue only affects users of the Bedrock AgentCore Starter Toolkit before version v0.1.13 who build the Toolkit after September 24, 2025. Any users on a version >=v0.1.13, and any users on previous versions who built the toolkit before September 24, 2025 date are not affected. 

## Patches
This issue has been addressed in version v0.1.13. AWS recommends upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes. 

## Workarounds
N/A

## References
If you have any questions or comments about this advisory, contact [AWS/Amazon] Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4269
reference_id
reference_type
scores
0
value 0.00068
scoring_system epss
scoring_elements 0.21119
published_at 2026-06-08T12:55:00Z
1
value 0.00068
scoring_system epss
scoring_elements 0.21183
published_at 2026-06-07T12:55:00Z
2
value 0.00068
scoring_system epss
scoring_elements 0.21229
published_at 2026-06-06T12:55:00Z
3
value 0.00068
scoring_system epss
scoring_elements 0.21243
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4269
1
reference_url https://aws.amazon.com/security/security-bulletins/2026-008-AWS
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 5.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://aws.amazon.com/security/security-bulletins/2026-008-AWS
2
reference_url https://github.com/aws/bedrock-agentcore-starter-toolkit
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 5.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/bedrock-agentcore-starter-toolkit
3
reference_url https://github.com/aws/bedrock-agentcore-starter-toolkit/releases/tag/v0.1.13
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 5.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-16T18:11:28Z/
url https://github.com/aws/bedrock-agentcore-starter-toolkit/releases/tag/v0.1.13
4
reference_url https://github.com/aws/bedrock-agentcore-starter-toolkit/security/advisories/GHSA-xfhr-q72q-jcrj
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/bedrock-agentcore-starter-toolkit/security/advisories/GHSA-xfhr-q72q-jcrj
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4269
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 5.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4269
6
reference_url https://aws.amazon.com/security/security-bulletins/2026-008-AWS/
reference_id 2026-008-AWS
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 5.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-16T18:11:28Z/
url https://aws.amazon.com/security/security-bulletins/2026-008-AWS/
7
reference_url https://github.com/advisories/GHSA-xfhr-q72q-jcrj
reference_id GHSA-xfhr-q72q-jcrj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xfhr-q72q-jcrj
fixed_packages
0
url pkg:pypi/bedrock-agentcore-starter-toolkit@0.1.13
purl pkg:pypi/bedrock-agentcore-starter-toolkit@0.1.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/bedrock-agentcore-starter-toolkit@0.1.13
aliases CVE-2026-4269, GHSA-xfhr-q72q-jcrj
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-teqm-7d7q-jqbc
Fixing_vulnerabilities
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/bedrock-agentcore-starter-toolkit@0.1.2