[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-8911":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":134,"aliases":144,"duplicate_of":9,"upstream":147,"downstream":148,"duplicates":151,"related":152,"reserved_at":9,"published_at":160,"modified_at":161,"state":162,"summary":163,"references_raw":171,"kevs":222,"epss":223,"epss_history":226,"metrics":487,"affected":502},"CVE-2020-8911","A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket, and who can observe whether or not an endpoint with access to the key can decrypt a file, to reconstruct the plaintext with (on average) 128*length(plaintext) queries to the endpoint, by exploiting CBC's ability to manipulate the bytes of the next block and PKCS5 padding errors. 
It is recommended to update your SDK to V2 or later, and re-encrypt your files.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-327","Use of a Broken or Risky Cryptographic Algorithm","The product uses a broken or risky cryptographic algorithm or protocol.","weakness","Draft","Class","High",[20,24,28,118,122,126,130],{"id":21,"name":22,"techniques":23},"CAPEC-20","Encryption Brute Forcing",[],{"id":25,"name":26,"techniques":27},"CAPEC-459","Creating a Rogue Certification Authority Certificate",[],{"id":29,"name":30,"techniques":31},"CAPEC-473","Signature Spoof",[32,109],{"id":33,"name":34,"tactics":35,"countermeasures":42},"T1036.001","Invalid Code Signature",[36,39],{"id":37,"name":38},"TA0030","Defense Evasion",{"id":40,"name":41},"TA0005","Stealth",[43,48,52,56,60,65,70,75,80,85,89,93,97,101,105],{"id":44,"name":45,"tactic":46},"D3-FA","File Analysis",{"name":47},"Detect",{"id":49,"name":50,"tactic":51},"D3-FIM","File Integrity Monitoring",{"name":47},{"id":53,"name":54,"tactic":55},"D3-DA","Dynamic Analysis",{"name":47},{"id":57,"name":58,"tactic":59},"D3-EFA","Emulated File Analysis",{"name":47},{"id":61,"name":62,"tactic":63},"D3-FEV","File Eviction",{"name":64},"Evict",{"id":66,"name":67,"tactic":68},"D3-DF","Decoy File",{"name":69},"Deceive",{"id":71,"name":72,"tactic":73},"D3-FE","File Encryption",{"name":74},"Harden",{"id":76,"name":77,"tactic":78},"D3-RF","Restore File",{"name":79},"Restore",{"id":81,"name":82,"tactic":83},"D3-CF","Content Filtering",{"name":84},"Isolate",{"id":86,"name":87,"tactic":88},"D3-LFP","Local File Permissions",{"name":84},{"id":90,"name":91,"tactic":92},"D3-RFAM","Remote File Access Mediation",{"name":84},{"id":94,"name":95,"tactic":96},"D3-CQ","Content Quarantine",{"name":84},{"id":98,"name":99,"tactic":100},"D3-CM","Content Modification",{"name":84},{"id":102,"name":103,"tactic":104},"D3-EAL","Executable 
Allowlisting",{"name":84},{"id":106,"name":107,"tactic":108},"D3-EDL","Executable Denylisting",{"name":84},{"id":110,"name":111,"tactics":112,"countermeasures":117},"T1553.002","Code Signing",[113,114],{"id":37,"name":38},{"id":115,"name":116},"TA0112","Defense Impairment",[],{"id":119,"name":120,"techniques":121},"CAPEC-475","Signature Spoofing by Improper Validation",[],{"id":123,"name":124,"techniques":125},"CAPEC-608","Cryptanalysis of Cellular Encryption",[],{"id":127,"name":128,"techniques":129},"CAPEC-614","Rooting SIM Cards",[],{"id":131,"name":132,"techniques":133},"CAPEC-97","Cryptanalysis",[],[135],{"_key":136,"name":137,"source":138,"url":139,"maturity":140,"reliability_score":141,"verified":142,"type":9,"platforms":143,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_GOOGLE_SECURITY-RESEARCH","Security Research","github","https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj","poc",0.3,false,[],[145,146],"GHSA-f5pg-7wfw-84q9","GO-2022-0646",[],[149],{"_key":150},"OPENSUSE-SU-2024:14513-1",[],[153,154,156,158],{"_key":150},{"_key":155},"CGA-5P79-WXP7-9267",{"_key":157},"CGA-WJR9-45CJ-3VR5",{"_key":159},"CGA-WP54-C6Q6-Q47J","2020-08-11T19:20:14.000Z","2024-08-04T10:12:11.063Z","Modified",{"cisa_kev":142,"cisa_ransomware":142,"cisa_vendor":9,"epss_severity":164,"epss_score":165,"severity":166,"severity_score":167,"severity_version":168,"severity_source":169,"severity_vector":170,"severity_status":162},"low",0.00203,"medium",5.6,"v3.1","cve.org","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",[172,181,188,192,197,201,205,209,214,218],{"url":173,"sources":174,"tags":177},"https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-client/?s=09",[169,175,176],"nvd","osv_go",[178,179,180],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":182,"sources":183,"tags":184},"https://github.com/google/security-research/security/advisories/GHSA-f5pg-7wfw-84q9",[169,175,176],[178,185,186,180,187],"Exploit","Third 
Party Advisory","Advisory",{"url":189,"sources":190,"tags":191},"https://nvd.nist.gov/vuln/detail/CVE-2020-8911",[176],[187],{"url":193,"sources":194,"tags":195},"https://github.com/aws/aws-sdk-go/pull/3403",[176],[180,196],"FIX",{"url":198,"sources":199,"tags":200},"https://github.com/aws/aws-sdk-go/commit/1e84382fa1c0086362b5a4b68e068d4f8518d40e",[176],[180,196],{"url":202,"sources":203,"tags":204},"https://github.com/aws/aws-sdk-go/commit/ae9b9fd92af132cfd8d879809d8611825ba135f4",[176],[180,196],{"url":206,"sources":207,"tags":208},"https://bugzilla.redhat.com/show_bug.cgi?id=1869800",[176],[180],{"url":210,"sources":211,"tags":212},"https://github.com/aws/aws-sdk-go",[176],[213],"PACKAGE",{"url":215,"sources":216,"tags":217},"https://github.com/sophieschmieg/exploits/tree/master/aws_s3_crypto_poc",[176],[180],{"url":219,"sources":220,"tags":221},"https://pkg.go.dev/vuln/GO-2022-0646",[176],[180],[],{"date":224,"score":165,"percentile":225},"2026-06-04",0.42294,[227,230,233,236,239,241,244,247,250,253,256,259,262,265,268,272,275,278,281,284,287,290,293,296,299,302,305,308,311,314,317,320,323,326,329,332,335,338,340,343,346,349,352,354,356,360,363,366,369,372,374,376,379,381,384,387,390,393,395,398,401,404,407,410,412,415,418,421,424,427,430,433,436,439,441,444,447,450,453,456,459,461,464,467,470,472,475,478,481,484],{"date":228,"score":165,"percentile":229},"2025-11-04",0.42607,{"date":231,"score":165,"percentile":232},"2025-11-05",0.42599,{"date":234,"score":165,"percentile":235},"2025-11-06",0.42611,{"date":237,"score":165,"percentile":238},"2025-11-07",0.42638,{"date":240,"score":165,"percentile":238},"2025-11-08",{"date":242,"score":165,"percentile":243},"2025-11-09",0.42614,{"date":245,"score":165,"percentile":246},"2025-11-10",0.4258,{"date":248,"score":165,"percentile":249},"2025-11-11",0.42597,{"date":251,"score":165,"percentile":252},"2025-11-12",0.42631,{"date":254,"score":165,"percentile":255},"2025-11-13",0.42644,{"date":257,"score":165,"percentile":2
58},"2025-11-14",0.42654,{"date":260,"score":165,"percentile":261},"2025-11-15",0.42651,{"date":263,"score":165,"percentile":264},"2025-11-16",0.42635,{"date":266,"score":165,"percentile":267},"2025-11-17",0.42604,{"date":269,"score":270,"percentile":271},"2025-11-18",0.00026,0.03501,{"date":273,"score":270,"percentile":274},"2025-11-19",0.03552,{"date":276,"score":270,"percentile":277},"2025-11-20",0.0362,{"date":279,"score":165,"percentile":280},"2025-11-21",0.42587,{"date":282,"score":165,"percentile":283},"2025-11-22",0.42588,{"date":285,"score":165,"percentile":286},"2025-11-23",0.42559,{"date":288,"score":165,"percentile":289},"2025-11-24",0.42551,{"date":291,"score":165,"percentile":292},"2025-11-25",0.42566,{"date":294,"score":165,"percentile":295},"2025-11-26",0.42562,{"date":297,"score":165,"percentile":298},"2025-11-27",0.42565,{"date":300,"score":165,"percentile":301},"2025-11-28",0.42535,{"date":303,"score":165,"percentile":304},"2025-11-29",0.42515,{"date":306,"score":165,"percentile":307},"2025-11-30",0.42495,{"date":309,"score":165,"percentile":310},"2025-12-01",0.42618,{"date":312,"score":165,"percentile":313},"2025-12-02",0.42628,{"date":315,"score":165,"percentile":316},"2025-12-03",0.42629,{"date":318,"score":165,"percentile":319},"2025-12-04",0.42491,{"date":321,"score":165,"percentile":322},"2025-12-05",0.42516,{"date":324,"score":165,"percentile":325},"2025-12-06",0.42506,{"date":327,"score":165,"percentile":328},"2025-12-07",0.42486,{"date":330,"score":165,"percentile":331},"2025-12-08",0.42489,{"date":333,"score":165,"percentile":334},"2025-12-09",0.42523,{"date":336,"score":165,"percentile":337},"2025-12-10",0.42585,{"date":339,"score":165,"percentile":235},"2025-12-11",{"date":341,"score":165,"percentile":342},"2025-12-12",0.42639,{"date":344,"score":165,"percentile":345},"2025-12-13",0.42623,{"date":347,"score":165,"percentile":348},"2025-12-14",0.42583,{"date":350,"score":165,"percentile":351},"2025-12-15",0.42568,{"date":353,"score":165
,"percentile":249},"2025-12-16",{"date":355,"score":165,"percentile":342},"2025-12-17",{"date":357,"score":358,"percentile":359},"2025-12-18",0.00209,0.43476,{"date":361,"score":358,"percentile":362},"2025-12-19",0.43495,{"date":364,"score":358,"percentile":365},"2025-12-20",0.43474,{"date":367,"score":358,"percentile":368},"2025-12-21",0.43436,{"date":370,"score":358,"percentile":371},"2025-12-22",0.43414,{"date":373,"score":165,"percentile":267},"2025-12-23",{"date":375,"score":165,"percentile":310},"2025-12-24",{"date":377,"score":165,"percentile":378},"2025-12-25",0.42663,{"date":380,"score":165,"percentile":255},"2025-12-26",{"date":382,"score":165,"percentile":383},"2025-12-27",0.42662,{"date":385,"score":165,"percentile":386},"2025-12-28",0.42567,{"date":388,"score":165,"percentile":389},"2025-12-29",0.42548,{"date":391,"score":165,"percentile":392},"2025-12-30",0.4254,{"date":394,"score":165,"percentile":337},"2025-12-31",{"date":396,"score":165,"percentile":397},"2026-01-01",0.42725,{"date":399,"score":165,"percentile":400},"2026-01-02",0.42699,{"date":402,"score":165,"percentile":403},"2026-01-03",0.42689,{"date":405,"score":165,"percentile":406},"2026-01-04",0.42528,{"date":408,"score":165,"percentile":409},"2026-01-05",0.42505,{"date":411,"score":165,"percentile":325},"2026-01-06",{"date":413,"score":165,"percentile":414},"2026-01-07",0.42526,{"date":416,"score":165,"percentile":417},"2026-01-08",0.42553,{"date":419,"score":165,"percentile":420},"2026-01-09",0.42531,{"date":422,"score":165,"percentile":423},"2026-01-10",0.4253,{"date":425,"score":165,"percentile":426},"2026-01-11",0.42503,{"date":428,"score":165,"percentile":429},"2026-01-12",0.42456,{"date":431,"score":165,"percentile":432},"2026-01-13",0.42435,{"date":434,"score":165,"percentile":435},"2026-01-14",0.42484,{"date":437,"score":165,"percentile":438},"2026-01-15",0.42475,{"date":440,"score":165,"percentile":307},"2026-01-16",{"date":442,"score":165,"percentile":443},"2026-01-17",0.42469,{"
date":445,"score":165,"percentile":446},"2026-01-18",0.42431,{"date":448,"score":165,"percentile":449},"2026-01-19",0.42402,{"date":451,"score":165,"percentile":452},"2026-01-20",0.42393,{"date":454,"score":165,"percentile":455},"2026-01-21",0.424,{"date":457,"score":165,"percentile":458},"2026-01-22",0.42401,{"date":460,"score":165,"percentile":429},"2026-01-23",{"date":462,"score":165,"percentile":463},"2026-01-24",0.42464,{"date":465,"score":165,"percentile":466},"2026-01-25",0.42412,{"date":468,"score":165,"percentile":469},"2026-01-26",0.42371,{"date":471,"score":165,"percentile":469},"2026-01-27",{"date":473,"score":165,"percentile":474},"2026-01-28",0.42367,{"date":476,"score":165,"percentile":477},"2026-01-29",0.42351,{"date":479,"score":165,"percentile":480},"2026-01-30",0.42357,{"date":482,"score":165,"percentile":483},"2026-01-31",0.42365,{"date":485,"score":165,"percentile":486},"2026-02-01",0.4248,[488,493,500],{"source":169,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":489,"cvss_v4_0":9},{"baseScore":167,"baseSeverity":490,"vectorString":170,"impactScore":491,"exploitabilityScore":492},"MEDIUM",6.7,2.8,{"source":175,"cvss_v2_0":494,"cvss_v3_0":9,"cvss_v3_1":499,"cvss_v4_0":9},{"baseScore":495,"baseSeverity":9,"vectorString":496,"impactScore":497,"exploitabilityScore":498},2.1,"AV:L/AC:L/Au:N/C:P/I:N/A:N",2.9,3.9,{"baseScore":167,"baseSeverity":490,"vectorString":170,"impactScore":491,"exploitabilityScore":492},{"source":176,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":501,"cvss_v4_0":9},{"baseScore":167,"baseSeverity":9,"vectorString":170,"impactScore":491,"exploitabilityScore":492},[503,515,528],{"ecosystem":9,"name":504,"vendor":505,"product":506,"cpe_part":507,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":508},"aws s3 crypto 
sdk","amazon","aws_s3_crypto_sdk","a",[509],{"version":510,"is_range":511,"range_type":512,"version_start":9,"version_start_type":9,"version_end":513,"version_end_type":514,"fixed_in":9},"lt2.0",true,"cpe","2.0","excluding",{"ecosystem":516,"name":517,"vendor":518,"product":519,"cpe_part":9,"purl_type":520,"purl_namespace":518,"purl_name":519,"source":9,"versions":521},"Go","github.com/aws/aws-sdk-go","github.com/aws","aws-sdk-go","golang",[522,525],{"version":523,"is_range":511,"range_type":524,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all","semver",{"version":526,"is_range":511,"range_type":524,"version_start":9,"version_start_type":9,"version_end":527,"version_end_type":514,"fixed_in":9},"lt1_34_0","1.34.0",{"ecosystem":9,"name":529,"vendor":530,"product":531,"cpe_part":507,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":532},"AWS S3 Crypto SDK for GoLang","google llc","aws s3 crypto sdk for golang",[533],{"version":534,"is_range":511,"range_type":169,"version_start":535,"version_start_type":536,"version_end":537,"version_end_type":536,"fixed_in":9},">= stable, \u003C= V1","stable","including","V1"]