An upstream validation bug in the aws-sdk-sns library could enable RCE under certain circumstances. This commit updates the upstream gem, and adds additional validation to provide defense-in-depth.
This pull request has been mentioned on Discourse Meta. There might be relevant details there:
Probably should’ve mentioned this to @Bitnami before publishing, they have 5m pulls