Amazon ECR Public Gallery flaw could have wiped or poisoned any image

A severe security flaw in the Amazon ECR Public Gallery could have allowed attackers to delete any container image or inject malicious code into the images of other AWS accounts.

Amazon ECR Public Gallery is a public repository of container images used for sharing ready-to-use applications and popular Linux distributions, such as Nginx, EKS Distro, Amazon Linux, CloudWatch agent, and Datadog agent.

A Lightspin security analyst discovered a new flaw in the ECR Public Gallery where it’s possible to modify existing public images, layers, tags, registries, and repositories of other users by abusing undocumented API actions.

Characteristically, the top six most downloaded container images in ECR Public Gallery have had over 13 billion downloads, so any malicious injection in them could have resulted in “Out-of-control” infections.

On November 14, 2022, a security researcher reported an issue in Amazon Elastic Container Registry Public Gallery, a public website for finding and sharing public container images.

The researcher identified an ECR API action that, if called, could have enabled modification or removal of images available on ECR Public Gallery.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us About your Needs
Get an Answer the Same Business Day

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project’s scope
  • You get an all-inclusive, no engagement proposal
This field is for validation purposes and should be left unchanged.


Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g:,, etc.)



Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.
This site is registered on as a development site. Switch to a production site key to remove this banner.