PT-2024-40458 · Amazon Web Services · Aws Sam Cli

Published 2024-09-11 · Updated 2024-09-11

CVSS v4.0: 5.7 (Medium)

Vector: AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

AWS SAM CLI versions prior to 1.122.0

Description

The issue concerns the exposure of sensitive data in the AWS SAM CLI output via STDERR when running the sam build command. If customers specify sensitive data in the DockerBuildArgs parameter of their template, this data is shown in clear text.

Recommendations

For versions prior to 1.122.0, update to AWS SAM CLI version 1.122.0 or above to resolve the issue. Additionally, review logs produced by SAM CLI runs if the DockerBuildArgs parameter was used, and consider rotating secrets if exposure is suspected.
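One way to carry out the log review recommended above, as an added example that is not part of the advisory or of AWS SAM CLI: it collects the literal DockerBuildArgs values from a template and reports which argument names have their value present in a saved build log. The function names, the sample template and the sample log line are constructed for illustration, and the line-based parsing assumes a YAML template in block style with one argument per line.

```python
# Constructed sample template; names and values are made up for illustration.
SAMPLE_TEMPLATE = """\
Resources:
  ImageFunction:
    Type: AWS::Serverless::Function
    Properties:
      PackageType: Image
    Metadata:
      DockerBuildArgs:
        NPM_TOKEN: "constructed-token-0001"
        BASE_TAG: "3.12"
        API_KEY: constructed-key-0002
      DockerTag: v1
"""
# Constructed log text; this is not the real SAM CLI output format.
SAMPLE_LOG = "step 3 (constructed) NPM_TOKEN=constructed-token-0001\nbuild done\n"


def docker_build_args(template_text):
    """Collect name -> literal value from every DockerBuildArgs block mapping."""
    args, block_indent = {}, None
    for line in template_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if block_indent is not None:
            if indent > block_indent and ":" in stripped:
                name, _, value = stripped.partition(":")
                args[name.strip()] = value.strip().strip("'\"")
                continue
            block_indent = None  # dedent: the mapping has ended
        if stripped == "DockerBuildArgs:":
            block_indent = indent
    return args


def leaked_args(template_text, log_text, min_len=4):
    """Return names (never values) of build args whose value occurs in log_text."""
    return sorted(
        name for name, value in docker_build_args(template_text).items()
        # Skip intrinsic-function tags and very short values that match by chance.
        if len(value) >= min_len and not value.startswith("!") and value in log_text
    )


if __name__ == "__main__":
    print(leaked_args(SAMPLE_TEMPLATE, SAMPLE_LOG))
```

Each name it returns identifies a secret to rotate; the values themselves are never printed, so the report can be shared without repeating the exposure.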

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

GHSA-RJC6-VM4H-85CG

Affected Products

Aws Sam Cli