AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

Severity:: Low

Description

CVSSv3.1 Rating: 3.7 (LOW)

Summary

This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value.

Recommendation

Update the @smithy/config-resolver package to the latest compatible version. Followings are version details:

Affected version(s): < 4.4.0
Patched version(s): 4.4.0

References

GHSA-6475-r3vj-m8vf
docs.aws.amazon.com
CWE-20
OWASP 2021-A3

Related Issues

Sentry SDK Prototype Pollution gadget in JavaScript SDKs - Vulnerability
Unknown vulnerability in Coinbase Wallet SDK - Vulnerability
Cross-Site Scripting (XSS) via Select Schema Option Value Injection in @pdfme/schemas - Vulnerability
MetaMask SDK indirectly exposed via malicious [email protected] dependency - Vulnerability

How to Secure your NodeJs Express Javascript Application - part 2

SmartScanner 2.3: Smarter JavaScript Detection, Faster Scans, and Powerful CLI Enhancements

How to Secure your NodeJs Express Javascript Application - part 1

Tags:: npm; @smithy/config-resolver

Anything's wrong? Let us know Last updated on January 08, 2026