Improper Input Validation Affecting @awsui/components-react package, versions <3.0.367


0.0
high

Snyk CVSS

    Attack Complexity Low
    User Interaction Required
    Confidentiality High
    Integrity High
    Availability High

    Threat Intelligence

    EPSS 0.08% (32nd percentile)
Expand this section
NVD
6.1 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-AWSUICOMPONENTSREACT-2413657
  • published 25 Feb 2022
  • disclosed 25 Feb 2022
  • credit Unknown

How to fix?

Upgrade @awsui/components-react to version 3.0.367 or higher.

Overview

@awsui/components-react is a AWS UI is a collection of React components that help create intuitive, responsive, and accessible user experiences for web applications. It is developed by [Amazon Web Services (AWS)](h

Affected versions of this package are vulnerable to Improper Input Validation via multiple components which have been found to not properly neutralize user input and may allow for javascript injection.

References