AWS disclosed a critical RCE vulnerability in the @aws-amplify/codegen-ui package, allowing remote code execution through unsafe evaluation of user-defined JavaScript expressions. The vulnerability was patched in version 2.20.3 with a sandboxed, safer evaluation method. #AWSAmplify #CVE20254318
Key points
- The vulnerability stemmed from improper input validation in the AWS Amplify Studio component schemas.
- Attackers with authenticated access could inject malicious JavaScript, leading to remote code execution.
- The flaw was exploitable because untrusted expressions were evaluated with unsafe techniques such as eval().
- A patch was released in version 2.20.3, replacing unsafe eval() with a sandboxed, filtered evaluation method.
- Users are advised to update immediately, review component schemas, and implement strict access controls for mitigation.
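To illustrate the difference between calling eval() on a user-defined expression and evaluating it through a filter, here is an added example; it is not code from AWS or from the 2.20.3 patch. It assumes a deliberately small grammar (number and string literals, `+`, `-`, parentheses), and the names `tokenize` and `safeEvaluate` are hypothetical.

```javascript
// Added example (hypothetical names). Unsafe pattern the page describes: eval(userExpression).
// Safer pattern: parse a tiny literal-only grammar and compute the result, never calling eval().
const TOKEN = /\s*(?:(\d+(?:\.\d+)?)|"([^"\\]*)"|'([^'\\]*)'|([-+()]))/y;

function tokenize(src) {
  const tokens = [];
  let pos = 0;
  while (src.slice(pos).trim() !== "") {
    TOKEN.lastIndex = pos;
    const m = TOKEN.exec(src);
    // Identifiers, dots, brackets, backticks and '=' match nothing, so they are rejected here.
    if (!m) throw new SyntaxError(`disallowed input at offset ${pos}`);
    if (m[1] !== undefined) tokens.push({ type: "num", value: Number(m[1]) });
    else if (m[4] !== undefined) tokens.push({ type: "op", value: m[4] });
    else tokens.push({ type: "str", value: m[2] !== undefined ? m[2] : m[3] });
    pos = TOKEN.lastIndex;
  }
  return tokens;
}

function safeEvaluate(src) {
  // Length cap is an assumed limit for this example.
  if (typeof src !== "string" || src.length > 256) throw new SyntaxError("expression rejected");
  const tokens = tokenize(src);
  let i = 0;
  const nextIs = (...ops) => i < tokens.length && tokens[i].type === "op" && ops.includes(tokens[i].value);
  const num = (v) => { if (typeof v !== "number") throw new TypeError("number expected"); return v; };
  function primary() {
    const tok = tokens[i++];
    if (tok && tok.type !== "op") return tok.value; // literal
    if (!tok || tok.value !== "(") throw new SyntaxError("literal or ( expected");
    const inner = sum();
    if (!nextIs(")")) throw new SyntaxError(") expected");
    i++;
    return inner;
  }
  function sum() {
    let left = primary();
    while (nextIs("+", "-")) {
      const op = tokens[i++].value;
      const right = primary();
      // '+' adds numbers or concatenates when a string is involved; '-' is numbers only.
      left = op === "+" ? left + right : num(left) - num(right);
    }
    return left;
  }
  const result = sum();
  if (i !== tokens.length) throw new SyntaxError("unexpected trailing input");
  return result;
}
```

Because the tokenizer has no rule for identifiers, property access or calls, an expression can only ever produce a number or a string built from its own literals.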
Read More: https://gbhackers.com/rce-vulnerability-in-aws-amplify-studio/