VDB

GCVE-110-CLOUD-2022-0003

GCVE-110-CLOUD-2022-0003
Advisory Published
Vulnetix · Advisory published December 13, 2022
A vulnerability in Elastic Container Registry (ECR) Public could have allowed a malicious actor to delete, update, or create ECR Public images, layers, or tags in registries and repositories belonging to any other AWS account, by abusing undocumented API calls. A malicious actor could have exploited this to delete any or all images in the Amazon ECR Public Gallery or update the content of any existing image to inject malicious code on any machine that would pull and run it.

Affected Products

VendorProductVersionsPlatforms
AWSECR Public
AWSECR

References

advisory
advisory

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›