Summary
The AWS Amplify Studio amplify-codegen-ui is a package that generates front-end code from UI Builder entities (components, forms, views, and themes) primarily used in AWS Amplify Studio for component previews and in AWS Command Line Interface (AWS CLI) for generating component files in customers' local applications.
An issue exists in the Amplify Studio property binding process of the amplify-codegen-ui package that could potentially allow an authenticated user to run arbitrary JavaScript code during the component rendering and build process.
Impact
When importing a component schema using the create-component command, Amplify Studio will import and generate the component on the users' behalf. The expression-binding function does not validate the component schema properties before converting them to expressions. As a result, an authenticated user who can create or modify components could run arbitrary JavaScript code during the component rendering and build process.
Impacted versions: <=2.20.2
Patches
This issue has been addressed in version 2.20.3. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.
Workarounds
There are no workarounds. Upgrade to version 2.20.3.
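To confirm that no copy of the package at or below 2.20.2 remains installed, including copies nested under other dependencies, the following added example (not part of the original advisory or the project's code) scans the `packages` map of a `package-lock.json`. The npm package name `@aws-amplify/codegen-ui` and the sample lockfile are assumptions; adjust the name list for forks or derivative packages.

```javascript
// Added example: flag lockfile entries of the codegen-ui package at or below 2.20.2.
// ASSUMPTION: npm package name; the advisory itself only says "amplify-codegen-ui".
const WATCHED = ['@aws-amplify/codegen-ui'];
const LAST_VULNERABLE = [2, 20, 2]; // advisory: impacted versions <=2.20.2

// Extract the numeric major.minor.patch core; null if the string is not a version.
function parseCore(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  return m ? m.slice(1).map(Number) : null;
}

// true = impacted, false = fixed, null = unparsable (review manually).
function isImpacted(version) {
  const v = parseCore(version);
  if (!v) return null;
  for (let i = 0; i < 3; i++) {
    if (v[i] !== LAST_VULNERABLE[i]) return v[i] < LAST_VULNERABLE[i];
  }
  return true; // exactly 2.20.2
}

// Walk a lockfile (lockfileVersion 2 or 3) and report every watched package
// that is impacted or cannot be classified, wherever it is nested.
function findImpacted(lock, names = WATCHED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/@scope/name"; keep the last package.
    const name = path.split('node_modules/').pop();
    if (!names.includes(name)) continue;
    const impacted = isImpacted(meta.version);
    if (impacted !== false) hits.push({ path, version: meta.version, impacted });
  }
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@aws-amplify/codegen-ui': { version: '2.20.3' },
    'node_modules/some-tool/node_modules/@aws-amplify/codegen-ui': { version: '2.20.2' },
    'node_modules/other-tool/node_modules/@aws-amplify/codegen-ui': { version: '2.14.0' },
    'node_modules/react': { version: '18.2.0' },
  },
};
console.log(findImpacted(SAMPLE_LOCK));
```

In a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findImpacted` and fail the build when the result is non-empty.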
If you have any questions or comments about this advisory, we ask that you contact AWS/Amazon Security via our issue-reporting page or directly via email to [email protected]. Please do not create a public GitHub issue.
Credit
We would like to thank ray the bounty hunter for collaborating on this issue through the coordinated issue disclosure process.