[HIGH] AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters

PKSA-4t1p-xpk2-nsss GHSA-27qh-8cxx-2cr5

Affected version: >=3.11.7,<=3.371.3

Reported by:
GitHub

[MEDIUM] Key Commitment Issues in S3 Encryption Clients

PKSA-dxyf-6n16-t87m CVE-2025-14761 GHSA-x8cp-jf6f-r4xh

Affected version: >=3.0.0,<3.368.0

Reported by:
FriendsOfPHP/security-advisories, GitHub

[MEDIUM] Potential URI resolution path traversal in the AWS SDK for PHP

PKSA-n3s6-289w-qtqb CVE-2023-51651 GHSA-557v-xcg6-rm5m

Affected version: >=3.0.0,<3.288.1

Reported by:
FriendsOfPHP/security-advisories, GitHub