[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-8912":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":134,"aliases":144,"duplicate_of":9,"upstream":147,"downstream":148,"duplicates":151,"related":152,"reserved_at":9,"published_at":158,"modified_at":159,"state":160,"summary":161,"references_raw":168,"kevs":219,"epss":220,"epss_history":223,"metrics":486,"affected":501},"CVE-2020-8912","A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-327","Use of a Broken or Risky Cryptographic Algorithm","The product uses a broken or risky cryptographic algorithm or protocol.","weakness","Draft","Class","High",[20,24,28,118,122,126,130],{"id":21,"name":22,"techniques":23},"CAPEC-20","Encryption Brute Forcing",[],{"id":25,"name":26,"techniques":27},"CAPEC-459","Creating a Rogue Certification Authority Certificate",[],{"id":29,"name":30,"techniques":31},"CAPEC-473","Signature Spoof",[32,109],{"id":33,"name":34,"tactics":35,"countermeasures":42},"T1036.001","Invalid Code Signature",[36,39],{"id":37,"name":38},"TA0030","Defense Evasion",{"id":40,"name":41},"TA0005","Stealth",[43,48,52,56,60,65,70,75,80,85,89,93,97,101,105],{"id":44,"name":45,"tactic":46},"D3-FA","File Analysis",{"name":47},"Detect",{"id":49,"name":50,"tactic":51},"D3-FIM","File Integrity Monitoring",{"name":47},{"id":53,"name":54,"tactic":55},"D3-DA","Dynamic Analysis",{"name":47},{"id":57,"name":58,"tactic":59},"D3-EFA","Emulated File Analysis",{"name":47},{"id":61,"name":62,"tactic":63},"D3-FEV","File Eviction",{"name":64},"Evict",{"id":66,"name":67,"tactic":68},"D3-DF","Decoy File",{"name":69},"Deceive",{"id":71,"name":72,"tactic":73},"D3-FE","File Encryption",{"name":74},"Harden",{"id":76,"name":77,"tactic":78},"D3-RF","Restore File",{"name":79},"Restore",{"id":81,"name":82,"tactic":83},"D3-CF","Content Filtering",{"name":84},"Isolate",{"id":86,"name":87,"tactic":88},"D3-LFP","Local File Permissions",{"name":84},{"id":90,"name":91,"tactic":92},"D3-RFAM","Remote File Access Mediation",{"name":84},{"id":94,"name":95,"tactic":96},"D3-CQ","Content Quarantine",{"name":84},{"id":98,"name":99,"tactic":100},"D3-CM","Content Modification",{"name":84},{"id":102,"name":103,"tactic":104},"D3-EAL","Executable Allowlisting",{"name":84},{"id":106,"name":107,"tactic":108},"D3-EDL","Executable Denylisting",{"name":84},{"id":110,"name":111,"tactics":112,"countermeasures":117},"T1553.002","Code Signing",[113,114],{"id":37,"name":38},{"id":115,"name":116},"TA0112","Defense Impairment",[],{"id":119,"name":120,"techniques":121},"CAPEC-475","Signature Spoofing by Improper Validation",[],{"id":123,"name":124,"techniques":125},"CAPEC-608","Cryptanalysis of Cellular Encryption",[],{"id":127,"name":128,"techniques":129},"CAPEC-614","Rooting SIM Cards",[],{"id":131,"name":132,"techniques":133},"CAPEC-97","Cryptanalysis",[],[135],{"_key":136,"name":137,"source":138,"url":139,"maturity":140,"reliability_score":141,"verified":142,"type":9,"platforms":143,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_GOOGLE_SECURITY-RESEARCH","Security Research","github","https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj","poc",0.3,false,[],[145,146],"GHSA-7f33-f4f5-xwgw","GO-2022-0635",[],[149],{"_key":150},"OPENSUSE-SU-2024:14599-1",[],[153,154,156],{"_key":150},{"_key":155},"CGA-8GCV-7232-CV9C",{"_key":157},"CGA-XRQ5-P686-839H","2020-08-11T19:20:14.000Z","2024-08-04T10:12:10.969Z","Modified",{"cisa_kev":142,"cisa_ransomware":142,"cisa_vendor":9,"epss_severity":162,"epss_score":163,"severity":162,"severity_score":164,"severity_version":165,"severity_source":166,"severity_vector":167,"severity_status":160},"low",0.00141,2.5,"v3.1","cve.org","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",[169,178,185,189,194,198,202,206,211,215],{"url":170,"sources":171,"tags":174},"https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-client/?s=09",[166,172,173],"nvd","osv_go",[175,176,177],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":179,"sources":180,"tags":181},"https://github.com/google/security-research/security/advisories/GHSA-7f33-f4f5-xwgw",[166,172,173],[175,182,183,177,184],"Exploit","Third Party Advisory","Advisory",{"url":186,"sources":187,"tags":188},"https://nvd.nist.gov/vuln/detail/CVE-2020-8912",[173],[184],{"url":190,"sources":191,"tags":192},"https://github.com/aws/aws-sdk-go/pull/3403",[173],[177,193],"FIX",{"url":195,"sources":196,"tags":197},"https://github.com/aws/aws-sdk-go/commit/1e84382fa1c0086362b5a4b68e068d4f8518d40e",[173],[177,193],{"url":199,"sources":200,"tags":201},"https://github.com/aws/aws-sdk-go/commit/ae9b9fd92af132cfd8d879809d8611825ba135f4",[173],[177,193],{"url":203,"sources":204,"tags":205},"https://bugzilla.redhat.com/show_bug.cgi?id=1869801",[173],[177],{"url":207,"sources":208,"tags":209},"https://github.com/aws/aws-sdk-go",[173],[210],"PACKAGE",{"url":212,"sources":213,"tags":214},"https://github.com/sophieschmieg/exploits/tree/master/aws_s3_crypto_poc",[173],[177],{"url":216,"sources":217,"tags":218},"https://pkg.go.dev/vuln/GO-2022-0646",[173],[177],[],{"date":221,"score":163,"percentile":222},"2026-06-04",0.33871,[224,227,230,233,236,239,242,245,248,251,254,257,260,263,266,270,273,276,279,282,285,288,291,293,296,299,302,305,307,310,313,316,319,322,325,328,331,334,337,340,343,346,349,351,354,358,361,364,367,370,373,376,379,382,385,388,391,394,397,400,403,406,408,411,414,417,420,423,425,428,431,434,436,438,440,442,445,448,451,454,457,459,462,465,468,471,474,477,480,483],{"date":225,"score":163,"percentile":226},"2025-11-04",0.34831,{"date":228,"score":163,"percentile":229},"2025-11-05",0.3482,{"date":231,"score":163,"percentile":232},"2025-11-06",0.34817,{"date":234,"score":163,"percentile":235},"2025-11-07",0.34838,{"date":237,"score":163,"percentile":238},"2025-11-08",0.34833,{"date":240,"score":163,"percentile":241},"2025-11-09",0.34815,{"date":243,"score":163,"percentile":244},"2025-11-10",0.34763,{"date":246,"score":163,"percentile":247},"2025-11-11",0.34792,{"date":249,"score":163,"percentile":250},"2025-11-12",0.34836,{"date":252,"score":163,"percentile":253},"2025-11-13",0.3485,{"date":255,"score":163,"percentile":256},"2025-11-14",0.34854,{"date":258,"score":163,"percentile":259},"2025-11-15",0.34852,{"date":261,"score":163,"percentile":262},"2025-11-16",0.34827,{"date":264,"score":163,"percentile":265},"2025-11-17",0.34802,{"date":267,"score":268,"percentile":269},"2025-11-18",0.00013,0.0081,{"date":271,"score":268,"percentile":272},"2025-11-19",0.00824,{"date":274,"score":268,"percentile":275},"2025-11-20",0.00843,{"date":277,"score":163,"percentile":278},"2025-11-21",0.34837,{"date":280,"score":163,"percentile":281},"2025-11-22",0.34841,{"date":283,"score":163,"percentile":284},"2025-11-23",0.34809,{"date":286,"score":163,"percentile":287},"2025-11-24",0.34786,{"date":289,"score":163,"percentile":290},"2025-11-25",0.34784,{"date":292,"score":163,"percentile":290},"2025-11-26",{"date":294,"score":163,"percentile":295},"2025-11-27",0.34795,{"date":297,"score":163,"percentile":298},"2025-11-28",0.34773,{"date":300,"score":163,"percentile":301},"2025-11-29",0.34754,{"date":303,"score":163,"percentile":304},"2025-11-30",0.34732,{"date":306,"score":163,"percentile":250},"2025-12-01",{"date":308,"score":163,"percentile":309},"2025-12-02",0.34846,{"date":311,"score":163,"percentile":312},"2025-12-03",0.34845,{"date":314,"score":163,"percentile":315},"2025-12-04",0.34731,{"date":317,"score":163,"percentile":318},"2025-12-05",0.34762,{"date":320,"score":163,"percentile":321},"2025-12-06",0.3476,{"date":323,"score":163,"percentile":324},"2025-12-07",0.34733,{"date":326,"score":163,"percentile":327},"2025-12-08",0.34748,{"date":329,"score":163,"percentile":330},"2025-12-09",0.34788,{"date":332,"score":163,"percentile":333},"2025-12-10",0.34834,{"date":335,"score":163,"percentile":336},"2025-12-11",0.34856,{"date":338,"score":163,"percentile":339},"2025-12-12",0.34885,{"date":341,"score":163,"percentile":342},"2025-12-13",0.34869,{"date":344,"score":163,"percentile":345},"2025-12-14",0.34842,{"date":347,"score":163,"percentile":348},"2025-12-15",0.34801,{"date":350,"score":163,"percentile":262},"2025-12-16",{"date":352,"score":163,"percentile":353},"2025-12-17",0.3488,{"date":355,"score":356,"percentile":357},"2025-12-18",0.00145,0.35471,{"date":359,"score":356,"percentile":360},"2025-12-19",0.35491,{"date":362,"score":356,"percentile":363},"2025-12-20",0.35473,{"date":365,"score":356,"percentile":366},"2025-12-21",0.35421,{"date":368,"score":356,"percentile":369},"2025-12-22",0.35395,{"date":371,"score":163,"percentile":372},"2025-12-23",0.34844,{"date":374,"score":163,"percentile":375},"2025-12-24",0.3484,{"date":377,"score":163,"percentile":378},"2025-12-25",0.34904,{"date":380,"score":163,"percentile":381},"2025-12-26",0.34886,{"date":383,"score":163,"percentile":384},"2025-12-27",0.349,{"date":386,"score":163,"percentile":387},"2025-12-28",0.348,{"date":389,"score":163,"percentile":390},"2025-12-29",0.34768,{"date":392,"score":163,"percentile":393},"2025-12-30",0.34759,{"date":395,"score":163,"percentile":396},"2025-12-31",0.34813,{"date":398,"score":163,"percentile":399},"2026-01-01",0.3496,{"date":401,"score":163,"percentile":402},"2026-01-02",0.34951,{"date":404,"score":163,"percentile":405},"2026-01-03",0.34936,{"date":407,"score":163,"percentile":287},"2026-01-04",{"date":409,"score":163,"percentile":410},"2026-01-05",0.3477,{"date":412,"score":163,"percentile":413},"2026-01-06",0.3478,{"date":415,"score":163,"percentile":416},"2026-01-07",0.34796,{"date":418,"score":163,"percentile":419},"2026-01-08",0.34824,{"date":421,"score":163,"percentile":422},"2026-01-09",0.34819,{"date":424,"score":163,"percentile":422},"2026-01-10",{"date":426,"score":163,"percentile":427},"2026-01-11",0.34799,{"date":429,"score":163,"percentile":430},"2026-01-12",0.34741,{"date":432,"score":163,"percentile":433},"2026-01-13",0.34724,{"date":435,"score":163,"percentile":244},"2026-01-14",{"date":437,"score":163,"percentile":301},"2026-01-15",{"date":439,"score":163,"percentile":298},"2026-01-16",{"date":441,"score":163,"percentile":393},"2026-01-17",{"date":443,"score":163,"percentile":444},"2026-01-18",0.34694,{"date":446,"score":163,"percentile":447},"2026-01-19",0.34662,{"date":449,"score":163,"percentile":450},"2026-01-20",0.34647,{"date":452,"score":163,"percentile":453},"2026-01-21",0.34611,{"date":455,"score":163,"percentile":456},"2026-01-22",0.34588,{"date":458,"score":163,"percentile":450},"2026-01-23",{"date":460,"score":163,"percentile":461},"2026-01-24",0.34659,{"date":463,"score":163,"percentile":464},"2026-01-25",0.34596,{"date":466,"score":163,"percentile":467},"2026-01-26",0.3451,{"date":469,"score":163,"percentile":470},"2026-01-27",0.34503,{"date":472,"score":163,"percentile":473},"2026-01-28",0.3448,{"date":475,"score":163,"percentile":476},"2026-01-29",0.34442,{"date":478,"score":163,"percentile":479},"2026-01-30",0.34429,{"date":481,"score":163,"percentile":482},"2026-01-31",0.34438,{"date":484,"score":163,"percentile":485},"2026-02-01",0.34536,[487,492,499],{"source":166,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":488,"cvss_v4_0":9},{"baseScore":164,"baseSeverity":489,"vectorString":167,"impactScore":490,"exploitabilityScore":491},"LOW",2.3,2.6,{"source":172,"cvss_v2_0":493,"cvss_v3_0":9,"cvss_v3_1":498,"cvss_v4_0":9},{"baseScore":494,"baseSeverity":9,"vectorString":495,"impactScore":496,"exploitabilityScore":497},2.1,"AV:L/AC:L/Au:N/C:P/I:N/A:N",2.9,3.9,{"baseScore":164,"baseSeverity":489,"vectorString":167,"impactScore":490,"exploitabilityScore":491},{"source":173,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":500,"cvss_v4_0":9},{"baseScore":164,"baseSeverity":9,"vectorString":167,"impactScore":490,"exploitabilityScore":491},[502,514,527],{"ecosystem":9,"name":503,"vendor":504,"product":505,"cpe_part":506,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":507},"aws s3 crypto sdk","amazon","aws_s3_crypto_sdk","a",[508],{"version":509,"is_range":510,"range_type":511,"version_start":9,"version_start_type":9,"version_end":512,"version_end_type":513,"fixed_in":9},"lt2.0",true,"cpe","2.0","excluding",{"ecosystem":515,"name":516,"vendor":517,"product":518,"cpe_part":9,"purl_type":519,"purl_namespace":517,"purl_name":518,"source":9,"versions":520},"Go","github.com/aws/aws-sdk-go","github.com/aws","aws-sdk-go","golang",[521,524],{"version":522,"is_range":510,"range_type":523,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all","semver",{"version":525,"is_range":510,"range_type":523,"version_start":9,"version_start_type":9,"version_end":526,"version_end_type":513,"fixed_in":9},"lt1_34_0","1.34.0",{"ecosystem":9,"name":528,"vendor":529,"product":530,"cpe_part":506,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":531},"AWS S3 Crypto SDK for GoLang","google llc","aws s3 crypto sdk for golang",[532],{"version":533,"is_range":510,"range_type":166,"version_start":534,"version_start_type":535,"version_end":536,"version_end_type":535,"fixed_in":9},">= stable, \u003C= V1","stable","including","V1"]