
[MEDIUM] Q1: Sender-controlled MessageAttributes override SQS system attributes #2

Description

@ahmedkamalio

Severity: Medium — verified

  • sqs/service.go:243-253 — sender-controlled MessageAttributes are
    merged after SQS system attributes, so a malicious producer can
    overwrite ApproximateReceiveCount and defeat retry/poison-pill/DLQ
    logic.

Fix

Merge system attributes last (or reject/namespace caller keys that collide
with system attributes).
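An added example, not the Gas framework's own code, that models the merge at sqs/service.go in two hypothetical helpers: mergeVulnerable reproduces the reported ordering, mergeFixed applies the suggested fix (merge system attributes last and namespace colliding caller keys). The attribute names and sample values are constructed for the demonstration.

```go
package main

import "fmt"

// Hypothetical minimal model of the merge in sqs/service.go (not the Gas
// framework's own code). system holds the SQS-provided attributes; caller
// holds the producer-supplied MessageAttributes.
// systemAttributeKeys are the SQS attributes the consumer's retry logic trusts.
var systemAttributeKeys = map[string]bool{"ApproximateReceiveCount": true}

// mergeVulnerable reproduces the reported bug: caller keys are applied after
// system keys, so a colliding caller key silently wins.
func mergeVulnerable(system, caller map[string]string) map[string]string {
	out := make(map[string]string, len(system)+len(caller))
	for k, v := range system {
		out[k] = v
	}
	for k, v := range caller {
		out[k] = v // overwrites ApproximateReceiveCount if the sender set it
	}
	return out
}

// mergeFixed applies the suggested fix: colliding caller keys are namespaced
// and system keys are merged last, so they can never be shadowed.
func mergeFixed(system, caller map[string]string) map[string]string {
	out := make(map[string]string, len(system)+len(caller))
	for k, v := range caller {
		if systemAttributeKeys[k] {
			k = "user." + k // keep the value, but out of the system namespace
		}
		out[k] = v
	}
	for k, v := range system {
		out[k] = v
	}
	return out
}

// receiveCount is the value a retry/poison-pill/DLQ policy would act on.
func receiveCount(attrs map[string]string) string {
	return attrs["ApproximateReceiveCount"]
}

func main() {
	system := map[string]string{"ApproximateReceiveCount": "7"}
	caller := map[string]string{"ApproximateReceiveCount": "1", "traceId": "abc"}
	fmt.Println("vulnerable:", receiveCount(mergeVulnerable(system, caller)))
	fmt.Println("fixed:", receiveCount(mergeFixed(system, caller)))
}
```

With the vulnerable order the consumer sees a receive count of 1 even though SQS reported 7, so a message can stay below any DLQ threshold indefinitely; with the fixed order the SQS value is preserved and the caller's value survives under `user.ApproximateReceiveCount`.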

Identified during an internal security review of the Gas framework
(2026-07-03).
