Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-24709 Vulnerability in npm package @awsui/components-react

Description

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Users are advised to upgrade to version 3.0.367 or later. There are no known workarounds for this issue.

Remediation

References

https://github.com/aws/awsui-documentation/security/advisories/GHSA-mf22-92pm-m8p8

https://www.npmjs.com/package/%40awsui/components-react

Related Vulnerabilities

CVE-2020-28267 Vulnerability in npm package @strikeentco/set

CVE-2018-14041 Vulnerability in maven package org.webjars.npm:bootstrap

CVE-2020-7649 Vulnerability in npm package snyk-broker

CVE-2021-40111 Vulnerability in maven package org.apache.james:james-server

CVE-2014-3558 Vulnerability in maven package org.hibernate:hibernate-validator

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory