CVE-2022-24709

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Users are advised to upgrade to version 3.0.367 or later. There are no known workarounds for this issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:amazon:awsui\/components-react:*:*:*:*:*:node.js:*:*

History

21 Nov 2024, 06:50

Type Values Removed Values Added
CVSS v2 : 4.3
v3 : 6.1
v2 : 4.3
v3 : 8.8
References () https://github.com/aws/awsui-documentation/security/advisories/GHSA-mf22-92pm-m8p8 - Third Party Advisory () https://github.com/aws/awsui-documentation/security/advisories/GHSA-mf22-92pm-m8p8 - Third Party Advisory
References () https://www.npmjs.com/package/%40awsui/components-react - () https://www.npmjs.com/package/%40awsui/components-react -

08 Mar 2022, 17:22

Type Values Removed Values Added
CPE cpe:2.3:a:amazon:awsui\/components-react:*:*:*:*:*:node.js:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.1
References (CONFIRM) https://github.com/aws/awsui-documentation/security/advisories/GHSA-mf22-92pm-m8p8 - (CONFIRM) https://github.com/aws/awsui-documentation/security/advisories/GHSA-mf22-92pm-m8p8 - Third Party Advisory
References (MISC) https://www.npmjs.com/package/@awsui/components-react - (MISC) https://www.npmjs.com/package/@awsui/components-react - Third Party Advisory

24 Feb 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-24 20:15

Updated : 2024-11-21 06:50


NVD link : CVE-2022-24709

Mitre link : CVE-2022-24709

CVE.ORG link : CVE-2022-24709


JSON object : View

Products Affected

amazon

  • awsui\/components-react
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')