GCVE - cpe:2.3:a:aws:aws_encryption_sdk_for_python:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:aws:aws_encryption_sdk_for_python:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Aws (`e6707f00-6abb-51df-808c-9e3417305027`)
Product	Aws Encryption Sdk For Python (`fecf6a89-ff72-5f87-93f5-0e32bdb274cb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-6550`	vulnerable	2026-06-03 15:27:55.450722	Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python MEDIUM (4.7) Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be decrypted to multiple different plaintexts. To remediate this issue, users should upgrade to version 3.3.1, 4.0.5 or above. Published: 2026-04-20T19:20:23.383Z Updated: 2026-04-20T19:44:11.685Z Open on db.gcve.eu Reference links https://aws.amazon.com/security/security-bulletins/2026-017-aws/ https://github.com/aws/aws-encryption-sdk-python/releases/tag/v4.0.5 https://github.com/aws/aws-encryption-sdk-python/releases/tag/v3.3.1 https://github.com/aws/aws-encryption-sdk-python/security/advisories/GHSA-v638-38fc-rhfv	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.