CVE-2022-4725

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-4725

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4725.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-4725

Aliases

GHSA-f5h9-qx38-2hgp

Published

2022-12-27T15:15:12Z

Modified

2025-05-28T10:33:57.749952Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.

References

Affected packages

Git / github.com/aws-amplify/aws-sdk-android

Affected ranges

Type: GIT
Repo: https://github.com/aws-amplify/aws-sdk-android
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9fa874ac5414a0206e39e5430b2336f92a64c6c9

Fixed

9fa874ac5414a0206e39e5430b2336f92a64c6c9

Fixed

c3e6d69422e1f0c80fe53f2d757b8df97619af2b

Fixed

c3e6d69422e1f0c80fe53f2d757b8df97619af2b

Affected versions

release_v2.*

release_v2.0.5

release_v2.1.0

release_v2.1.10

release_v2.1.1_general_availability

release_v2.1.7

release_v2.1.8

release_v2.1.9

release_v2.16.12

release_v2.16.13

release_v2.17.0

release_v2.17.1

release_v2.18.0

release_v2.19.0

release_v2.19.2

release_v2.19.3

release_v2.2.0

release_v2.2.1

release_v2.2.10

release_v2.2.11

release_v2.2.12

release_v2.2.13

release_v2.2.14

release_v2.2.15

release_v2.2.16

release_v2.2.17

release_v2.2.18

release_v2.2.19

release_v2.2.2

release_v2.2.20

release_v2.2.21

release_v2.2.22

release_v2.2.3

release_v2.2.4

release_v2.2.5

release_v2.2.6

release_v2.2.7

release_v2.2.8

release_v2.2.9

release_v2.20.0

release_v2.20.1

release_v2.22.1

release_v2.22.2

release_v2.22.3

release_v2.22.4

release_v2.22.5

release_v2.22.6

release_v2.22.7

release_v2.23.0

release_v2.24.0

release_v2.25.0

release_v2.26.0

release_v2.27.0

release_v2.28.0

release_v2.29.0

release_v2.3.0

release_v2.3.1

release_v2.3.2

release_v2.3.3

release_v2.3.4

release_v2.3.5

release_v2.3.6

release_v2.3.7

release_v2.3.8

release_v2.3.9

release_v2.30.0

release_v2.31.0

release_v2.32.0

release_v2.33.0

release_v2.34.0

release_v2.35.0

release_v2.36.0

release_v2.37.0

release_v2.37.1

release_v2.38.0

release_v2.39.0

release_v2.4.0

release_v2.4.1

release_v2.4.2

release_v2.4.3

release_v2.4.4

release_v2.4.5

release_v2.4.6

release_v2.4.7

release_v2.40.0

release_v2.41.0

release_v2.41.1

release_v2.42.0

release_v2.43.0

release_v2.44.0

release_v2.45.0

release_v2.46.0

release_v2.47.0

release_v2.48.0

release_v2.48.1

release_v2.49.0

release_v2.50.0

release_v2.50.1

release_v2.51.0

release_v2.52.0

release_v2.52.1

release_v2.53.0

release_v2.54.0

release_v2.55.0

release_v2.56.0

release_v2.57.0

release_v2.58.0

release_v2.59.0

release_v2.6.0

release_v2.6.1

release_v2.6.2

release_v2.6.3

release_v2.6.4

release_v2.6.5

release_v2.6.6