CVE-2025-4318
Description
The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build process.
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2025-4318? +
How do I check if I'm vulnerable to CVE-2025-4318? +
Related Vulnerabilities
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, …
The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' …
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is …
The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in …
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() …
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the …