I would like to deploy an AWS Lambda using the strands agent library into production in enterprise settings. However, this is currently blocked by the requirement that there are no AWS Inspector Findings with severity high. Is it planned to fix this finding?
python/mcp/server/auth/handlers/token.py

vulnerability location

```python
                    error_description=("redirect_uri did not match the one " "used when creating auth code"),
                )
            )

        # Verify PKCE code verifier
        sha256 = hashlib.sha256(token_request.code_verifier.encode()).digest()
        hashed_code_verifier = base64.urlsafe_b64encode(sha256).decode().rstrip("=")

        if hashed_code_verifier != auth_code.code_challenge:
            # see https://datatracker.ietf.org/doc/html/rfc7636#section-4.6
            return self.response(
```
Severity: High
Type: Code Vulnerability
Detector name: Weak algorithm used for Password Hashing
Relevant CWE: CWE-327, CWE-328
Rule ID: python-hashlib-naive-hashing-not-suitable-for-secrets
Detector tags: #cryptography, #security, #owasp-top10, #cwe-327, #cwe-328, #Python
Fix available: Yes
Created at: June 5, 2025 12:07 PM (UTC+02:00)
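
For readers triaging this finding: the flagged lines compute the PKCE `S256` transform that RFC 7636 defines as BASE64URL(SHA256(code_verifier)) over a single-use random verifier, not a stored password hash. The sketch below is an added example, not code from the post or from the MCP SDK; it reproduces that check against the RFC 7636 Appendix B test vector and swaps the `!=` comparison for a constant-time one. The function names are hypothetical.

```python
import base64
import hashlib
import hmac
import re

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")

# Test vector published in RFC 7636, Appendix B.
RFC_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"


def s256_challenge(code_verifier: str) -> str:
    """BASE64URL(SHA256(ASCII(code_verifier))) without '=' padding (RFC 7636 section 4.2)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")


def verify_pkce_s256(code_verifier: str, stored_challenge: str) -> bool:
    """Return True only for a well-formed verifier that matches the stored challenge."""
    if not isinstance(code_verifier, str) or not _VERIFIER_RE.fullmatch(code_verifier):
        # Reject short, over-long or non-ASCII verifiers before hashing.
        return False
    computed = s256_challenge(code_verifier)
    # Constant-time comparison instead of the `!=` used in the flagged excerpt.
    return hmac.compare_digest(computed.encode("ascii"), stored_challenge.encode("utf-8"))


if __name__ == "__main__":
    print(verify_pkce_s256(RFC_VERIFIER, RFC_CHALLENGE))
```

The protocol fixes the hash, so replacing SHA-256 with a password KDF such as bcrypt or scrypt would break interoperability with compliant OAuth clients.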