AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value
- Severity:
- Low
Description
CVSSv3.1 Rating: 3.7 (LOW)
Summary
This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value.
Recommendation
Update the @smithy/config-resolver package to the latest compatible version. Followings are version details:
- Affected version(s): < 4.4.0
- Patched version(s): 4.4.0
References
Related Issues
- Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding - CVE-2025-68272
- vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes - CVE-2025-53892
- Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string) - Vulnerability
- KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols - CVE-2024-28246
- Tags:
- npm
- @smithy/config-resolver
Anything's wrong? Let us know Last updated on January 08, 2026