GHSA-mvm6-f9r3-fgfx: JSON Policy Injection in AWS SDK for .NET CloudFront Signers

The AWS SDK for .NET provides utilities to programmatically generate Amazon CloudFront signed URLs and signed cookies. These mechanisms are used to restrict access to private content served through CloudFront, ensuring that only authenticated or authorized clients can retrieve specific resources. The signing process relies on constructing a JSON-formatted Custom Policy document that defines the exact access parameters, such as the allowed resource path, expiration time, and permitted IP ranges.

A vulnerability exists within the AWSSDK.CloudFront and AWSSDK.Extensions.CloudFront.Signers packages where the SDK fails to properly neutralize special characters when constructing these JSON policy documents. Specifically, the SDK does not adequately escape double quotes (") and backslashes (\) present in the input variables before concatenating them into the final JSON string.

This flaw is classified as Improper Encoding or Escaping of Output (CWE-116). By exploiting this vulnerability, an attacker who controls the input parameters can break out of the intended JSON value context. The attacker can then inject arbitrary JSON key-value pairs into the policy document, fundamentally altering the access control rules enforced by CloudFront.

CloudFront Custom Policies are structured as JSON documents containing a Statement array. Each statement specifies a Resource and various Condition blocks that dictate access rules. When developers use the SDK's signing methods, they provide parameters such as the target URL or client IP addresses. The SDK dynamically constructs the JSON policy using these provided parameters.

Prior to the patched versions, the SDK assembled this JSON document using string formatting or concatenation rather than a safe JSON serialization library, or it failed to apply a proper escaping routine to the input strings. Because double quotes and backslashes were not sanitized, any input containing these characters was inserted verbatim into the JSON structure.

When a developer passes user-controlled data to a vulnerable signing method, the untrusted data is directly embedded into a JSON string value. If the input contains a double quote, the JSON parser reading the generated policy will interpret that quote as the termination of the string literal. Any subsequent characters in the input are then parsed as structural JSON elements rather than data, enabling JSON injection.

The vulnerability manifests when developers use methods like AmazonCloudFrontUrlSigner.SignUrl. The method accepts parameters like the resource URL and constructs a policy internally if a custom policy is not explicitly provided by the developer.

// Conceptual representation of the vulnerable code pattern
string resourceUrl = userInput;
string policy = @"{""Statement"":[{
    ""Resource"":""" + resourceUrl + @""",
    ""Condition"":{
        ""DateLessThan"":{""AWS:EpochTime"":1672531200}
    }
}]}";

In the vulnerable pattern above, resourceUrl is concatenated directly into the policy string. If userInput contains a double quote, it closes the "Resource" value. The patch addresses this by implementing strict escaping for user-controlled variables before they are incorporated into the JSON document.

// Conceptual representation of the patched code pattern
string escapedResourceUrl = resourceUrl.Replace("\\", "\\\\").Replace("\"", "\\\"");
string policy = @"{""Statement"":[{
    ""Resource"":""" + escapedResourceUrl + @""",
    ""Condition"":{
        ""DateLessThan"":{""AWS:EpochTime"":1672531200}
    }
}]}";

The fix ensures that any backslashes or double quotes within the input are prefixed with an escape character. This forces the downstream JSON parser to treat these characters as literal string content rather than structural delimiters, neutralizing the injection vector.

Exploitation requires an application that accepts user input and incorporates it into a CloudFront signed URL or cookie without prior validation. The attacker crafts a payload containing a double quote to close the active JSON field, followed by a comma, and then entirely new JSON keys and values.

Consider an application that generates signed URLs for user-specific directories: https://example.com/files/ + userInput. An attacker provides the following string as their input: ", "Condition": {"DateLessThan": {"AWS:EpochTime": 2147483647}} }.

When the SDK processes this input, the resulting JSON policy document will include the injected condition:

{
  "Statement": [{
    "Resource": "https://example.com/files/", 
    "Condition": {"DateLessThan": {"AWS:EpochTime": 2147483647}} },
    "Condition": {"DateLessThan": {"AWS:EpochTime": 1672531200}}
  }]
}

Depending on the JSON parser's behavior regarding duplicate keys, the injected Condition block may override the original restrictions set by the application. This allows the attacker to unilaterally modify the expiration time or remove IP-based restrictions from the generated signature.

The primary impact of this vulnerability is a high loss of confidentiality. By successfully injecting custom conditions into the CloudFront policy, an attacker can generate valid cryptographic signatures that grant broader access than the application intended. This allows the attacker to bypass time-based expirations or IP-based geo-restrictions.

Furthermore, if the injected payload alters the Resource field to include wildcards (e.g., https://example.com/*), the attacker could use the resulting signed URL or cookie to access arbitrary private files within the same CloudFront distribution. This effectively defeats the primary access control mechanism for the content delivery network.

> [!NOTE] > The integrity impact is rated as low. While the attacker can modify the logical conditions of the access policy, they cannot alter the actual files stored behind the CloudFront distribution. The vulnerability does not provide write access to the origin servers or Amazon S3 buckets.

Organizations utilizing the AWS SDK for .NET to generate CloudFront signed URLs or signed cookies must upgrade their dependencies immediately. The official patches resolve the string escaping flaws within the policy construction logic.

The required minimum versions are AWSSDK.CloudFront version 3.7.510.7 and AWSSDK.Extensions.CloudFront.Signers version 4.0.0.31. Upgrading to these versions or newer ensures that the SDK internally escapes all double quotes and backslashes before integrating parameters into the JSON policy.

As a defense-in-depth measure, development teams should implement strict input validation at the application layer. User-provided data destined for CloudFront signing methods should be sanitized or validated against a strict allowlist. Rejecting inputs containing double quotes or backslashes before they reach the AWS SDK provides an additional layer of security against future injection flaws.