AWS KMS and all versions of AWS Encryption SDKs prior to version 2.0.0 were susceptible to
information leakage (an attacker could create ciphertexts that would leak the user’s AWS account ID,
encryption context, user agent, and IP address upon decryption), ciphertext forgery (an attacker could
create ciphertexts that were accepted by other users) and lack of robustness (an attacker could create
ciphertexts that decrypt to different plaintexts for different users).
Update the SDK to the latest secure version.
No tracked CVEs