Fix AWS SDK for PHP — CVE-2023-51651 HIGH
Fix CVE-2023-51651 (HIGH) in AWS SDK for PHP for PHP. Paste your composer.json into PackageFix and get a patched version — no CLI, no signup. Server-side request forgery via presigned url manipulation.
⚠ Vulnerability
CVE-2023-51651 (HIGH) — server-side request forgery via presigned URL manipulation in AWS SDK for PHP below ^3.300.
Vulnerable — composer.json
"aws/aws-sdk-php": "^3.200"
Fixed — composer.json
"aws/aws-sdk-php": "^3.300"
✓ Fix
Update AWS SDK for PHP to ^3.300 and run composer install.
Paste your manifest — get back a fixed version with all CVEs patched in seconds.
Open PackageFix →No signup · No CLI · No GitHub connection · Runs 100% in your browser
CVE Details
| Field | Value |
|---|---|
| CVE ID | CVE-2023-51651 |
| Severity | HIGH |
| Package | AWS SDK for PHP (PHP) |
| Safe version | ^3.300 |
| CISA KEV | — |
| Description | Server-side request forgery via presigned url manipulation |
Frequently Asked Questions
What is CVE-2023-51651?
CVE-2023-51651 is a HIGH severity vulnerability in AWS SDK for PHP (PHP) that allows server-side request forgery via presigned URL manipulation. Update to ^3.300 or later.
How do I fix CVE-2023-51651 in AWS SDK for PHP?
Update AWS SDK for PHP to version ^3.300 in your composer.json and run composer install.
Is CVE-2023-51651 being actively exploited?
Check packagefix.dev — the CISA KEV catalog updates daily.
How do I verify the fix for CVE-2023-51651?
After updating, paste your composer.json into PackageFix again. If CVE-2023-51651 no longer appears in the CVE table, the fix is applied.