Fralongopublished

**Name of the Vulnerable Software and Affected Versions** @awsui/components-react versions prior to 3.0.367 **Description** The issue concerns multiple components in the @awsui/components-react package that do not properly neutralize user input, potentially allowing for javascript injection. This could lead to cross-site scripting (XSS) in certain circumstances, as the components may render content without adequate neutralization. **Recommendations** For versions prior to 3.0.367, upgrade to version 3.0.367 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable components until a patch is applied. There are no known workarounds for this issue other than upgrading to the fixed version.