CNNVD-202512-3218 Information

CNNVD ID

CNNVD-202512-3218

Related CVE

CVE-2025-14762

• CNNVD Published: 2025-12-17

Description (Chinese)

AWS SDK for Ruby是Amazon Web Services开源的一个Ruby的开发者工具包。 AWS SDK for Ruby存在安全漏洞，该漏洞源于缺少加密密钥承诺，可能导致具有S3存储桶写入权限的用户引入新的EDK，解密出不同的明文。

Description (English)

AWS SDK for Ruby is a Ruby development toolkit for Amazon Web Services open source. AWS SDK for Ruby has a security loophole, which stems from a lack of encryption key commitments, which could lead to new EDKs being introduced by users with S3 cans of write permission to decrypt different specifications.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Amazon Web Services

Published

2025-12-17

Last Modified

2026-02-24

References

https://aws.amazon.com/security/security-bulletins/AWS-2025-032/ https://github.com/aws/aws-sdk-ruby/security/advisories/GHSA-2xgq-q749-89fq https://rubygems.org/gems/aws-sdk-s3/versions/1.208.0

Patch

https://aws.amazon.com/cn/sdk-for-ruby/