“As a result, an authenticated user who can create or modify components could run arbitrary JavaScript code during the component rendering and build process,” states the AWS advisory. The issue underscores the urgent need for robust input validation in modern development tools, especially as organizations increasingly rely on platforms like Amplify Studio to accelerate front-end development and streamline cloud deployments.

When importing a component schema using the create-component command, Amplify Studio imports and generates the component without properly validating the component schema properties before converting them to expressions. This package is used primarily in Amplify Studio for component previews and in the AWS Command Line Interface (CLI) for generating component files in customers’ local applications.

Exploitation of this vulnerability requires an authenticated user with permissions to create or modify components within Amplify Studio. Such a user could potentially inject and execute arbitrary JavaScript code during the component rendering and build process.

This incident highlights the importance of rigorous input validation in low-code development environments, particularly those handling component generation and rendering. According to security experts, organizations using AWS Amplify Studio should take immediate action to protect their systems.
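
The gap described above, schema properties turned into expressions without validation, can be shown with a toy code generator. This is an added example, not code from the AWS advisory or from Amplify Studio; the schema shape, the sample input and every function name are assumptions made for illustration.

```javascript
// Added example. The schema shape and all function names are hypothetical,
// not taken from Amplify Studio or its code generator.
const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/;
const LITERAL_TYPES = new Set(["string", "number", "boolean"]);

// Weak pattern: each property value is pasted into the generated source verbatim,
// so it is parsed as code when the component is rendered or built.
function unsafeGenerate(schema) {
  const props = Object.entries(schema.properties ?? {})
    .map(([name, p]) => `${name}={${p.value}}`)
    .join(" ");
  return `<${schema.componentType} ${props} />`;
}

// Validation: identifiers only for names, primitives only for values.
function validateSchema(schema) {
  const errors = [];
  if (typeof schema.componentType !== "string" || !IDENT.test(schema.componentType)) {
    errors.push("componentType is not a plain identifier");
  }
  for (const [name, p] of Object.entries(schema.properties ?? {})) {
    if (!IDENT.test(name)) errors.push(`property name rejected: ${JSON.stringify(name)}`);
    const v = p == null ? undefined : p.value;
    if (!LITERAL_TYPES.has(typeof v) || (typeof v === "number" && !Number.isFinite(v))) {
      errors.push(`property ${JSON.stringify(name)}: value must be a string, finite number or boolean`);
    }
  }
  return errors;
}

// Hardened pattern: reject invalid schemas, then emit every value as a
// JSON-encoded literal so it can only ever be data in the generated source.
function safeGenerate(schema) {
  const errors = validateSchema(schema);
  if (errors.length) throw new Error("schema rejected: " + errors.join("; "));
  const props = Object.entries(schema.properties ?? {})
    .map(([name, p]) => `${name}={${JSON.stringify(p.value)}}`)
    .join(" ");
  return `<${schema.componentType} ${props} />`;
}

// Constructed sample input: a label whose text is shaped like an expression.
const sample = {
  componentType: "Button",
  properties: { label: { value: "user.name + suffix" }, disabled: { value: false } },
};
console.log(unsafeGenerate(sample));
console.log(safeGenerate(sample));
```

In the first output the label text sits in the generated source as an expression; in the second it is a quoted string literal, so the same input stays data.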
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 07 May 2025 12:14:57 +0000