Go modules package
github.com/aws/amazon-s3-encryption-client-go/v3
pkg:golang/github.com/aws/amazon-s3-encryption-client-go/v3
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-14764 | Med | 5.3 | < 4.0.0 | 4.0.0 | Dec 17, 2025 | Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata r |
- affected < 4.0.0fixed 4.0.0
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata r