// AWSMEDIUM
A command injection vulnerability has been disclosed affecting Amazon ECS on Windows, tracked publicly without a formal CVE identifier and rated medium severity. The flaw reportedly allows an attacker to inject operating system commands through the ECS Windows component, potentially leading to unauthorized command execution within affected container environments. No public reports of active exploitation have been identified, and AWS customers running ECS on Windows should review AWS security bulletins and apply mitigations or updates as they become available. Other sources reviewed did not contain AWS-specific security events and were excluded.
// Get alerts for AWS