CVE-2022-4725

EPSS 0.08%
Published 27.12.2022 15:15:12
Last modified 21.11.2024 07:35:49
Source cna@vuldb.com
Teams watchlist Login
Open Login

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Amazon ≫ Aws Software Development Kit SwPlatformandroid Version < 2.59.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.245

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	5.5	2.1	3.4	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/aws-amplify/aws-sdk-android/commit/c3e6d69422e1f0c80fe53f2d757b8df97619af2b

Patch

Third Party Advisory

https://github.com/aws-amplify/aws-sdk-android/pull/3100

Patch

Third Party Advisory

https://github.com/aws-amplify/aws-sdk-android/releases/tag/release_v2.59.1

Third Party Advisory

Release Notes

https://vuldb.com/?id.216737

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4725

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4725

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4725

EUVD