Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/aws-sdk@2.928.0
Typenpm
Namespace
Nameaws-sdk
Version2.928.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-trz1-wjge-cqct
vulnerability_id VCID-trz1-wjge-cqct
summary 
JavaScript SDK v2 users should add validation to the region parameter value in or migrate to v3
CVSSv3.1 Rating: 3.7 (LOW)

Summary
This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. Per the AWS shared responsibility model, customer applications should protect instances appropriately, or implement proper input sanitization checks. The AWS SDK for JavaScript v2 reached end-of-support on September 8, 2025, but a defense-in-depth enhancement has been implemented in AWS SDK for JavaScript v3. Please migrate to that version.

Impact
Customer applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. While the SDK itself is functioning as designed, we recommend customers migrate to AWS SDK for JavaScript v3 for continued support and enhanced security features.

Impacted versions: All versions of AWS SDK for JavaScript v2

Patches
No security patch is required, this is an informational advisory.

Workarounds
- Implement proper input sanitization in your application code
- Migrate to AWS SDK for JavaScript v3
- Follow AWS security best practices for SDK configuration

References
Contact AWS Security via the vulnerability reporting page or email [aws-security@amazon.com](mailto:aws-security@amazon.com).

Acknowledgement
AWS Security thanks Guy Arazi for bringing these customer security considerations to our attention through the coordinated disclosure process.
references
0
reference_url https://github.com/aws/aws-sdk-js
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-js
1
reference_url https://github.com/advisories/GHSA-j965-2qgj-vjmq
reference_id GHSA-j965-2qgj-vjmq
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j965-2qgj-vjmq
2
reference_url https://github.com/aws/aws-sdk-js/security/advisories/GHSA-j965-2qgj-vjmq
reference_id GHSA-j965-2qgj-vjmq
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-js/security/advisories/GHSA-j965-2qgj-vjmq
fixed_packages
aliases GHSA-j965-2qgj-vjmq
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-trz1-wjge-cqct
Fixing_vulnerabilities
Risk_score1.6
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/aws-sdk@2.928.0