Improper Input Validation Affecting @awsui/components-react package, versions <3.0.367
Threat Intelligence
EPSS
0.08% (34th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-AWSUICOMPONENTSREACT-2413657
- published 25 Feb 2022
- disclosed 25 Feb 2022
- credit Unknown
Introduced: 25 Feb 2022
CVE-2022-24709 Open this link in a new tabHow to fix?
Upgrade @awsui/components-react
to version 3.0.367 or higher.
Overview
@awsui/components-react is a AWS UI is a collection of React components that help create intuitive, responsive, and accessible user experiences for web applications. It is developed by [Amazon Web Services (AWS)](h
Affected versions of this package are vulnerable to Improper Input Validation via multiple components which have been found to not properly neutralize user input and may allow for javascript injection.
References
CVSS Scores
version 3.1