AWS SDK XML Parser XpathUtils.java XpathUtils server-side request forgery

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

服务端请求伪造(SSRF)

AWS SDK for Android 代码问题漏洞

AWS SDK for Android是AWS Amplify开源的一个适用于 Android的 AWS SDK。 AWS SDK for Android 2.59.01之前版本存在代码问题漏洞，该漏洞源于组件XML Parser中aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java文件的函数XpathUtils存在问题，会导致服务器端请求伪造。

N/A

N/A