CVE Details
| CVE ID |
Severity |
Affected Package |
Installed Version |
Fixed Version |
Date Published |
Date of Scan |
| CVE-2025-12084 |
MEDIUM |
python |
2.7.18-1.amzn2.0.14 |
2.7.18-1.amzn2.0.15 |
2025-12-03T19:15:55.05Z |
2026-01-23T10:18:23.308592219Z |
Affected Docker Images
| Image Name |
SHA |
public.ecr.aws/lambda/provided:al2 |
public.ecr.aws/lambda/provided@sha256:91999d3f57c058711ba8fd17b0eb25df4309d7df31856d2597e6c065e9d2e87a |
public.ecr.aws/lambda/python:3.11 |
public.ecr.aws/lambda/python@sha256:e3ff92d11a35ba659794b89e612a73e17bb009b6075757314cf931b378b90a8a |
public.ecr.aws/lambda/python:3.10 |
public.ecr.aws/lambda/python@sha256:f3ec524265e82a868ae32afd8c3edf2dd3f442ea5470640b0e68c5cb2aadaea4 |
public.ecr.aws/lambda/java:17 |
public.ecr.aws/lambda/java@sha256:d15321d0393dd68c1849e935a72c9a0257c6e910bd4c17bf74e67cab16ab7904 |
public.ecr.aws/lambda/java:11 |
public.ecr.aws/lambda/java@sha256:07a9febee8af8bda06d4e7160ea922dfc04b712941643ccd460f5a4a31cf0573 |
public.ecr.aws/lambda/java:8.al2 |
public.ecr.aws/lambda/java@sha256:efae07fcc5e8d6256d84fba688337c5e8a8fc8cc746a362eb41d7d779b438b9d |
public.ecr.aws/lambda/ruby:3.2 |
public.ecr.aws/lambda/ruby@sha256:4345f89655eba8ada7a695961140ae99d9dfeba48038bdaaa2bef1b110cdf90a |
Description
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
Remediation Steps
- Update the affected package
python from version 2.7.18-1.amzn2.0.14 to 2.7.18-1.amzn2.0.15.
About this issue
- This issue may not contain all the information about the CVE nor the images it affects.
- This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
- For more, visit Lambda Watchdog.
- This issue was created automatically by Lambda Watchdog.
