CVE-2022-24709
Summary
| CVE | CVE-2022-24709 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-02-24 20:15:00 UTC |
| Updated | 2023-11-07 03:44:00 UTC |
| Description | @awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Users are advised to upgrade to version 3.0.367 or later. There are no known workarounds for this issue. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Amazon | Awsui/components-react | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| @awsui/components-react - npm | MISC | www.npmjs.com | |
| Multiple components could allow cross-site scripting (XSS) in @awsui/components-react in certain circumstances · Advisory · aws/awsui-documentation · GitHub | CONFIRM | github.com | |
| @awsui/components-react - npm | www.npmjs.com | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.