AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value
- Severity:
- Low
Description
CVSSv3.1 Rating: 3.7 (LOW)
Summary
This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value.
Recommendation
Update the @smithy/config-resolver package to the latest compatible version. Followings are version details:
- Affected version(s): < 4.4.0
- Patched version(s): 4.4.0
References
Related Issues
- Sentry SDK Prototype Pollution gadget in JavaScript SDKs - Vulnerability
- XSS vulnerability allowing arbitrary JavaScript execution - CVE-2021-41174
- x402 SDK vulnerable in outdated versions in resource servers for builders (GHSA-3j63-5h8p-gf7c) 2 - Vulnerability
- Matrix JavaScript SDK's key history sharing could share keys to malicious devices - CVE-2024-47080
- Tags:
- npm
- @smithy/config-resolver
Anything's wrong? Let us know Last updated on January 08, 2026