15 matches found
EUVD-2025-13500
Malicious code in bioql PyPI...
EUVD-2024-1151
Malicious code in bioql PyPI...
CVE-2024-28056
Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...
CVE-2025-4318
The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build...
CVE-2025-4318
The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build...
CVE-2025-4318
CVE-2025-4318 affects the package aws-amplify/amplify-codegen-ui used with AWS Amplify Studio. The vulnerability is described as a lack of input validation in UI component property expressions, which could allow an authenticated user with access to create or modify components to execute arbitrary...
CVE-2025-4318 Input validation issue in AWS Amplify Studio UI component properties
The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build...
CVE-2025-4318 Input validation issue in AWS Amplify Studio UI component properties
The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build...
PT-2025-19763
Name of the Vulnerable Software and Affected Versions: aws-amplify/amplify-codegen-ui affected versions not specified Description: The issue is related to a lack of input validation in the AWS Amplify Studio UI component property expressions. This could potentially allow an authenticated user who h...
CVE-2024-28056
Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently...
PT-2024-22240 · Amazon · Amazon Aws Amplify Cli
Name of the Vulnerable Software and Affected Versions: Amazon AWS Amplify CLI versions prior to 12.10.1 Description: The issue arises when the Authentication component is removed from an Amplify project, resulting in the removal of a Condition property but leaving "Effect":"Allow" present. This...
@activepieces/piece-amazon-s3 (=0.0.2), @adobe/helix-admin-support (>=2.1.22 <=2.1.23) +470 more potentially affected by unknown CVE via fast-xml-parser (=4.2.4)
fast-xml-parser NPM version =4.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on fast-xml-parser and may be impacted: - @activepieces/piece-amazon-s3 =0.0.2 - @adobe/helix-admin-support =2.1.22, =9.0.39, =2.1.1, =2.1.15, =1.11.158, =1.0.4-0, =1.2.39-...
Malicious code in aws-amplify-unicorntrivia-workshop (npm)
Source: ghsa-malware b1ed06bee8e811d379842b46440e9174027b9d4ece63560f9ddc88cd44ae0102 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1191 Malicious code in aws-amplify-unicorntrivia-workshop (npm)
Source: ghsa-malware b1ed06bee8e811d379842b46440e9174027b9d4ece63560f9ddc88cd44ae0102 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
47pages-keystone (>=0.0.1 <=0.0.5), @amplify-app/create (>=0.1.0 <=0.1.4) +2357 more potentially affected by CVE-2020-13110 via kerberos (>=0.0.11 <=0.0.9)
kerberos NPM version =0.0.11, =0.0.1, =0.1.0, =1.8.5-alpha.46, =1.0.3, =1.0.2, =0.12.0, =1.0.0, =0.0.5, =0.1.2-beta.1, =0.14.2, =0.14.6 and more Source cves: CVE-2020-13110 Source advisory: OSV:GHSA-M2MX-RFPW-JGHV...