Homepage
About Snyk

Improper Input Validation Affecting @awsui/components-react package, versions <3.0.367

Severity

 Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.08% (34th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-AWSUICOMPONENTSREACT-2413657
  • published 25 Feb 2022
  • disclosed 25 Feb 2022
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 25 Feb 2022

CVE-2022-24709 Open this link in a new tab
CWE-79 Open this link in a new tab

How to fix?

Upgrade @awsui/components-react to version 3.0.367 or higher.

Overview

@awsui/components-react is a AWS UI is a collection of React components that help create intuitive, responsive, and accessible user experiences for web applications. It is developed by [Amazon Web Services (AWS)](h

Affected versions of this package are vulnerable to Improper Input Validation via multiple components which have been found to not properly neutralize user input and may allow for javascript injection.

References

CVSS Scores

version 3.1
Expand this section

Snyk

8.8 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    Required
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    High
  • Availability (A)
    High
Expand this section

NVD

6.1 medium