While the vulnerability is classified as low and users are able to update this dependency because of a range in composer.json of this package, I'd like this project to encourage users to update this dependency by releasing a small patch.
In practice I don't expect many users will be locked to older revisions of aws/aws-sdk-php since the latest will be fetched at install time, but since we can't be sure, I'm proposing an update.
Due to potential URI resolution path traversal in the AWS SDK for PHP, versions of this package prior to v3.288.1 are marked vulnerable. See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51651 or https://nvd.nist.gov/vuln/detail/CVE-2023-51651 for more details.