PT-2023-32985 · Amazon · AWS Database Encryption SDK (DB-ESDK) for DynamoDB

Published: 2023-11-09 · Updated: 2023-11-09

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

AWS Database Encryption SDK (DB-ESDK) for DynamoDB versions 3.1.0 and below

Description

The issue arises when a DynamoDB Set attribute is marked as SIGN_ONLY in the AWS Database Encryption SDK (DB-ESDK) for DynamoDB, including when a Set is part of a List or a Map. In versions 3.1.0 and below, signature validation of a record containing a Set may fail on read, even if the Set attributes contain the same values, because the order of elements in a Set returned by DynamoDB is undefined. This update ensures that any Set values are canonicalized in the same order when written to and read from DynamoDB.

Recommendations

For AWS Database Encryption SDK (DB-ESDK) for DynamoDB versions 3.1.0 and below, upgrade to version 3.1.1 as soon as possible to address the issue.
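
The failure mode in the description, reproduced as an added example (not the SDK's code): a record is authenticated over an order-sensitive serialization, then over one that sorts Set members first, including Sets nested in a List or Map. The `DdbSet` class, the JSON encoding, the HMAC key and the sample records are assumptions constructed for this demo; HMAC-SHA256 stands in for the SDK's signing step.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample key, assumption for this demo


class DdbSet:
    """A DynamoDB Set as received: members in whatever order the store returned."""

    def __init__(self, *members):
        self.members = list(members)


def encode(value, canonical):
    """Type-tag each container (S/L/M) so a Set cannot collide with a Map or List."""
    if isinstance(value, DdbSet):
        # Sets carry no order: canonical mode sorts the members before signing.
        return {"S": sorted(value.members) if canonical else value.members}
    if isinstance(value, list):  # Lists are ordered: keep the order, recurse
        return {"L": [encode(v, canonical) for v in value]}
    if isinstance(value, dict):  # Maps: recurse; key order is fixed by sort_keys
        return {"M": {k: encode(v, canonical) for k, v in value.items()}}
    return value


def sign(item, canonical):
    data = json.dumps(encode(item, canonical), sort_keys=True, separators=(",", ":"))
    return hmac.new(KEY, data.encode(), hashlib.sha256).digest()


def verify(item, tag, canonical):
    return hmac.compare_digest(sign(item, canonical), tag)


# Constructed records: identical values, Sets returned in a different order on read.
WRITTEN = {"id": "order-1", "tags": DdbSet("red", "green", "blue"),
           "meta": {"regions": [DdbSet("us-east-1", "eu-west-1")]}}
READ_BACK = {"id": "order-1", "tags": DdbSet("blue", "red", "green"),
             "meta": {"regions": [DdbSet("eu-west-1", "us-east-1")]}}


def demo():
    naive_ok = verify(READ_BACK, sign(WRITTEN, False), False)  # order-sensitive
    fixed_ok = verify(READ_BACK, sign(WRITTEN, True), True)    # canonicalized
    tampered = dict(READ_BACK, tags=DdbSet("blue", "red", "black"))
    tamper_rejected = not verify(tampered, sign(WRITTEN, True), True)
    return naive_ok, fixed_ok, tamper_rejected
```

Canonicalizing removes only the ordering ambiguity: a changed Set member still fails verification.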

Related Identifiers

GHSA-72FP-W44G-625Q

Affected Products

AWS Database Encryption SDK (DB-ESDK) for DynamoDB