Skip to content

Multiple components could allow cross-site scripting (XSS) in @awsui/components-react in certain circumstances

High
fralongo published GHSA-mf22-92pm-m8p8 Feb 24, 2022

Package

npm @awsui/components-react (npm)

Affected versions

< 3.0.367

Patched versions

3.0.367

Description

Impact

Components could potentially allow cross-site scripting (XSS) in certain circumstances. These components could render content without adequate neutralization.

Patches

Fixed in 3.0.367.

Severity

High
8.8
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE ID

CVE-2022-24709

Weaknesses