VYPR

apk package

chainguard/ruby4.0-aws-sdk-s3

pkg:apk/chainguard/ruby4.0-aws-sdk-s3

Vulnerabilities (1)

  • CVE-2025-14762MedDec 17, 2025
    affected < 1.217.0-r0fixed 1.217.0-r0

    Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitiga