VulnerableCode Vulnerability Details - VCID-6rk4-9zxf-vuep

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-6rk4-9zxf-vuep

Essentials
Severities (1)
References (2)
Severity details (1)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-6rk4-9zxf-vuep
Aliases	GHSA-x5h4-9gqw-942j GMS-2021-5
Summary	Improper Verification of Cryptographic Signature in aws-encryption-sdk This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-347	Improper Verification of Cryptographic Signature

System	Score	Found at
generic_textual	MODERATE	https://github.com/aws/aws-encryption-sdk-python/security/advisories/GHSA-x5h4-9gqw-942j

Reference id	Reference type	URL
GHSA-x5h4-9gqw-942j		https://github.com/advisories/GHSA-x5h4-9gqw-942j
GHSA-x5h4-9gqw-942j		https://github.com/aws/aws-encryption-sdk-python/security/advisories/GHSA-x5h4-9gqw-942j

No exploits are available.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:21:29.763629+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aws-encryption-sdk/GMS-2021-5.yml	38.6.0