A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 can address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.
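To check a project against the two releases named above, the following added example (not code from the advisory or from the SDK project) scans Gradle build text for the core module and classifies each declared version. The Maven group `com.amazonaws`, the function names and the sample build file are assumptions made for illustration; versions below 2.59.0 are reported separately because the advisory names only 2.59.0 as affected.

```python
import re

NAMED_AFFECTED = (2, 59, 0)  # version the advisory names as vulnerable
FIXED = (2, 59, 1)           # release the advisory says to upgrade to

# "group:name:version" string notation (Groovy/Kotlin DSL, lockfiles).
# Group id com.amazonaws is an assumption; the advisory gives only the module path.
COORD_RE = re.compile(r"com\.amazonaws:aws-android-sdk-core:([\w.+\-]+)")
# Groovy map notation: name: 'aws-android-sdk-core', version: 'x.y.z'
MAP_RE = re.compile(
    r"name:\s*['\"]aws-android-sdk-core['\"]\s*,\s*version:\s*['\"]([\w.+\-]+)['\"]")

def classify(version_text):
    """Return patched / affected / older-than-fix / unresolved for a declared version."""
    if not re.fullmatch(r"\d+(\.\d+)*", version_text):
        # Dynamic ("2.+") or qualified versions: inspect the resolved dependency tree.
        return "unresolved"
    version = tuple(int(p) for p in version_text.split("."))
    version += (0,) * (3 - len(version))  # pad "2.60" to (2, 60, 0)
    if version >= FIXED:
        return "patched"
    if version == NAMED_AFFECTED:
        return "affected"
    return "older-than-fix"  # not named in the advisory, but lacks the 2.59.1 patch

def scan(build_text):
    """Yield (line number, declared version, status) for every core-module declaration."""
    findings = []
    for lineno, line in enumerate(build_text.splitlines(), start=1):
        code = line.split("//", 1)[0]  # skip commented-out declarations
        for pattern in (COORD_RE, MAP_RE):
            for match in pattern.finditer(code):
                findings.append((lineno, match.group(1), classify(match.group(1))))
    return findings

# Constructed sample build file, not taken from any real project.
SAMPLE = """\
dependencies {
    implementation 'com.amazonaws:aws-android-sdk-core:2.59.0'
    implementation("com.amazonaws:aws-android-sdk-s3:2.59.0")
    // implementation 'com.amazonaws:aws-android-sdk-core:2.40.0'
    api group: 'com.amazonaws', name: 'aws-android-sdk-core', version: '2.59.1'
    implementation "com.amazonaws:aws-android-sdk-core:2.+"
}
"""

if __name__ == "__main__":
    for lineno, version, status in scan(SAMPLE):
        print(f"line {lineno}: aws-android-sdk-core {version} -> {status}")
```

Declarations only show what was requested; transitive dependencies and dynamic versions need the resolved dependency tree from the build tool.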
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-4725
- https://github.com/aws-amplify/aws-sdk-android/pull/3100
- https://github.com/aws-amplify/aws-sdk-android/commit/c3e6d69422e1f0c80fe53f2d757b8df97619af2b
- https://github.com/aws-amplify/aws-sdk-android/releases/tag/release_v2.59.1
- https://vuldb.com/?id.216737
- https://github.com/advisories/GHSA-f5h9-qx38-2hgp