VDB

GCVE-110-CLOUD-2022-0033

GCVE-110-CLOUD-2022-0033
Advisory Published
Vulnetix · Advisory published May 1, 2022
Two malicious versions were created of packages previously used by AWS. The packages were officially authored and maintained by AWS before they were removed by their legitimate author, and once the packages were removed, their names became available and the two packages were then populated with malicious code. If AWS-deployed software had any dependencies on these packages, this would have led to a dependency confusion attack.

Affected Products

VendorProductVersionsPlatforms
AWSCloud Services

References

advisory

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›