VDB
GCVE-110-CLOUD-2022-0016
GCVE-110-CLOUD-2022-0016
Advisory Published
Amazon SNS' signature validation in the official SDK relied on a weak regex for default AWS certificate locations,
that would incorrectly match an S3 bucket named `sns`. This bucket happened to be publicly readable and writeable,
allowing an attacker to forge messages to any user of the official SDK SNS validator.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| AWS | S3 | — | — |
| AWS | SNS | — | — |
| AWS | Amazon Simple Notification Service (SNS) | — | — |
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.