apk package
chainguard/ruby3.4-aws-sdk-s3
pkg:apk/chainguard/ruby3.4-aws-sdk-s3
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-14762 | Med | 5.3 | < 1.217.0-r0 | 1.217.0-r0 | Dec 17, 2025 | Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitiga |
- affected < 1.217.0-r0fixed 1.217.0-r0
Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitiga