Hallo zusammen,
sofern nicht selber schon gesehen/-lesen hier [0] - FYI
[0] "Proof of Concept for AWS S3 crypto vulnerabilities" [1] "Updates to the Amazon S3 Encryption Client" [2] "Unencrypted md5 plaintext hash in metadata in AWS S3 Crypto SDK for golang" [3] "CBC padding oracle issue in AWS S3 Crypto SDK for golang" [4] "In-band key negotiation issue in AWS S3 Crypto SDK for golang"
VG
Bernd
[0] https://github.com/sophieschmieg/exploits/tree/master/aws_s3_crypto_poc
[1] https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-c...
[2] https://github.com/google/security-research/security/advisories/GHSA-76wf-9v...
[3] https://github.com/google/security-research/security/advisories/GHSA-f5pg-7w...
[4] https://github.com/google/security-research/security/advisories/GHSA-7f33-f4...
rwth-security@lists.rwth-aachen.de