Improper Input Validation in aws-sdk
Cxcc25902f-3a8e
- aws-sdk
- org.webjars.npm:aws-sdk
- org.webjars.npm:github-com-aws-aws-sdk-js
Summary
A vulnerability was found in AWS SDK for JavaScript v2, versions 2.x through 3.0.0, in the region input field used when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. Customer applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. As per the AWS shared responsibility model, customer applications should protect instances appropriately or implement proper input sanitization checks. The AWS SDK for JavaScript v2 reached end-of-support on September 8, 2025, but a defense-in-depth enhancement has been implemented in AWS SDK for JavaScript v3. While the SDK itself is functioning as designed, it is recommended that customers migrate to AWS SDK for JavaScript v3 for continued support and enhanced security features.
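One way to apply the input sanitization check the summary calls for, as an added example (not code from AWS or the SDK): validate the region value before it reaches any client constructor, then confirm the resolved endpoint host. The function names, the allowlist and the `.amazonaws.com` suffix default are assumptions for illustration.

```javascript
// Added example: not AWS SDK code. All names below are hypothetical.
const ALLOWED_REGIONS = new Set(["us-east-1", "eu-west-1"]); // assumed allowlist

// One DNS host label: lowercase letters, digits, inner hyphens, max 63 chars.
// Rejects dots, slashes, '@', '#', ':', whitespace and the empty string.
const HOST_LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

function validateRegion(input, allowed = ALLOWED_REGIONS) {
  if (typeof input !== "string") {
    throw new TypeError("region must be a string");
  }
  if (!HOST_LABEL.test(input)) {
    throw new RangeError("region is not a valid host label");
  }
  if (!allowed.has(input)) {
    throw new RangeError("region is not in the allowlist");
  }
  return input;
}

// Boolean wrapper for logging or config linting.
function isRegionAccepted(input, allowed = ALLOWED_REGIONS) {
  try {
    validateRegion(input, allowed);
    return true;
  } catch (err) {
    return false;
  }
}

// Second layer: confirm a resolved endpoint is HTTPS under the expected suffix.
// The ".amazonaws.com" default is an assumption; other partitions differ.
function assertExpectedHost(endpointUrl, suffix = ".amazonaws.com") {
  const { protocol, hostname } = new URL(endpointUrl);
  if (protocol !== "https:" || !hostname.endsWith(suffix)) {
    throw new RangeError("endpoint host is outside the expected suffix");
  }
  return hostname;
}

// Constructed samples: in practice the value comes from the environment.
const samples = ["us-east-1", "eu-west-1", "", "US-EAST-1", "us-east-1.example.invalid", "us-east-1/x", " us-east-1"];
for (const s of samples) {
  console.log(JSON.stringify(s), isRegionAccepted(s) ? "accepted" : "rejected");
}
```

Call `validateRegion` at the point where configuration is loaded, so a bad value fails startup instead of reaching a request.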
- HIGH
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
References
Advisory Timeline
- Published