Aws Serverless Application Model Command Line Interface
cpe:2.3:a:aws:aws_serverless_application_model_command_line_interface:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aws (e6707f00-6abb-51df-808c-9e3417305027) |
|---|---|
| Product | Aws Serverless Application Model Command Line Interface (3797c266-36ca-5012-be5b-404316b4d1be) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-3048 | vulnerable | 2026-06-03 15:01:03.450740 | Path Traversal in AWS SAM CLI allows file copy to local cache. MEDIUM (6.5). After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) that includes symlinks, the content of those symlinks is copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outside of the Docker container would now have access via the local workspace. Users should upgrade to version 1.134.0 and ensure any forked or derivative code is patched to incorporate the new fixes. After upgrading, users must re-build their applications using `sam build --use-container` to update the symlinks. Published: 2025-03-31T15:21:16.205Z. Updated: 2025-10-14T19:23:20.481Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-3047 | vulnerable | 2026-06-03 15:01:03.450129 | Path Traversal in AWS SAM CLI allows file copy to build container. MEDIUM (6.5). When the AWS Serverless Application Model Command Line Interface (SAM CLI) build process is run with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A user could leverage the elevated permissions to access restricted files via symlinks and copy them to a more permissive location on the container. Users should upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes. Published: 2025-03-31T15:21:11.290Z. Updated: 2025-10-14T19:22:56.059Z | Imported from gcve-enriched-dumps CVE data |