PT-2022-16818 · Amazon · @Awsui/Components-React

Fralongo · Published: 2022-02-24 · Updated: 2022-03-08 · CVE-2022-24709

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: @awsui/components-react versions prior to 3.0.367

Description: Multiple components in the @awsui/components-react package do not properly neutralize user input, potentially allowing JavaScript injection. Because the components may render content without adequate neutralization, this could lead to cross-site scripting (XSS) in certain circumstances.

Recommendations: For versions prior to 3.0.367, upgrade to version 3.0.367 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable components until a patch is applied. There are no known workarounds for this issue other than upgrading to the fixed version.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2022-24709
GHSA-MF22-92PM-M8P8

Affected Products

@Awsui/Components-React