QwikSec

Security Database

CVE

CWE

Training

CVE-2025-4318

Published: May 5, 2025

Modified: Jan 28, 2026

PUBLISHED

Description

The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build process.

Vendor	Product	Versions
Amazon	Amplify Studio	affected `0.1.0 - < 2.20.3`

Weaknesses (CWE)

References

https://aws.amazon.com/security/security-bulletins/AWS-2025-010/

vendor-advisory

https://github.com/aws-amplify/amplify-codegen-ui/releases/tag/v2.20.3

patch

https://github.com/aws-amplify/amplify-codegen-ui/security/advisories/GHSA-hf3j-86p7-mfw8

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.