VYPR

Packagist (Composer) package

aws/aws-sdk-php

pkg:composer/aws/aws-sdk-php

Vulnerabilities (3)

  • CVE-2025-14761MedDec 17, 2025
    affected < 3.368.0fixed 3.368.0

    Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate

  • CVE-2023-51651Dec 22, 2023
    affected < 3.288.1fixed 3.288.1

    AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer compone

  • CVE-2015-5723HigJun 7, 2016
    affected >= 3.0.0, < 3.2.1fixed 3.2.1

    Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, wh