VYPR

Maven package

software.amazon.encryption.s3/amazon-s3-encryption-client-java

pkg:maven/software.amazon.encryption.s3/amazon-s3-encryption-client-java

Vulnerabilities (1)

  • CVE-2025-14763MedDec 17, 2025
    affected < 4.0.0fixed 4.0.0

    Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata