CVE Details
| CVE ID |
Severity |
Affected Package |
Installed Version |
Fixed Version |
Date Published |
Date of Scan |
| CVE-2025-6075 |
LOW |
python |
2.7.18-1.amzn2.0.15 |
2.7.18-1.amzn2.0.16 |
2025-10-31T17:15:48.693Z |
2026-03-07T10:18:20.039806885Z |
Affected Docker Images
| Image Name |
SHA |
public.ecr.aws/lambda/provided:al2 |
public.ecr.aws/lambda/provided@sha256:20460477de18166b919cfc8d890f03e05f8615670b644567d1616b71e93744d7 |
public.ecr.aws/lambda/python:3.11 |
public.ecr.aws/lambda/python@sha256:f302b4338be4d4860d644e197b59012d5089c7d9c84b94eafa1a6893f5718012 |
public.ecr.aws/lambda/python:3.10 |
public.ecr.aws/lambda/python@sha256:7338af5a6695273dff355a8000753dad8dd91cfcf26565ca5e2ddb53046ea9b5 |
public.ecr.aws/lambda/java:17 |
public.ecr.aws/lambda/java@sha256:e0d2355c6cd6f9e83c70aeba77ecdfee51a5d47eeb8f943b5b0487bcfe6a8857 |
public.ecr.aws/lambda/java:11 |
public.ecr.aws/lambda/java@sha256:edab224cfa3a88705c112c85820c99bf689072c7b32ca19688830f8f1ab24288 |
public.ecr.aws/lambda/java:8.al2 |
public.ecr.aws/lambda/java@sha256:95b8110b178affa75c00c275ee7a4fe2e0236787e68c2baf5cb94849c113887e |
public.ecr.aws/lambda/ruby:3.2 |
public.ecr.aws/lambda/ruby@sha256:b07e4becc1fd67cdd88849c2033b50da4cf0b91e01a2c40eaea4789eaddf393e |
Description
If the value passed to os.path.expandvars() is user-controlled a
performance degradation is possible when expanding environment
variables.
Remediation Steps
- Update the affected package
python from version 2.7.18-1.amzn2.0.15 to 2.7.18-1.amzn2.0.16.
About this issue
- This issue may not contain all the information about the CVE nor the images it affects.
- This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
- For more, visit Lambda Watchdog.
- This issue was created automatically by Lambda Watchdog.
