AWS SDK XML Parser XpathUtils.java XpathUtils server-side request forgery
CVE-2022-4725

5.5MEDIUM

Key Information:

Vendor: Amazon
Status: Aws Sdk
Vendor: CVE Published:; 27 December 2022

What is CVE-2022-4725?

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.

Affected Version(s)

AWS SDK 2.59.0

References

https://vuldb.com/?id.216737

technical-descriptionvdb-entry

https://github.com/aws-amplify/aws-sdk-android/pull/3100

https://github.com/aws-amplify/aws-sdk-android/commit/c3e...

mitigationpatch

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 27, 2022
Vulnerability Reserved
Dec 24, 2022

Amazon

What is CVE-2022-4725?

Affected Version(s)

References

CVSS V3.1

Timeline