AWS Amplify Studio Input Validation Vulnerability in Component Property Expressions

Vulnerability

A vulnerability exists in the AWS Amplify Studio UI component property expressions within the aws-amplify/amplify-codegen-ui package, affecting versions through 2.20.2. The issue arises from a lack of input validation, which could enable an authenticated user with the ability to create or modify components to execute arbitrary JavaScript code during the component rendering and build process.

Impact

Exploitation of this vulnerability could lead to the execution of arbitrary JavaScript code, potentially allowing for malicious actions during the component rendering and build process.

Remediation

Users are advised to upgrade Amplify Studio aws-amplify/amplify-codegen-ui to version 2.20.3. Any forked or derivative code in use should be patched to incorporate the new fixes.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.