CVE-2025-4318 - Input validation issue in AWS Amplify Studio UI component properties

AWS Amplify Studio's amplify-codegen-ui package, version 2.20.2 and below, is affected by CVE-2025-4318 (GHSA-hf3j-86p7-mfw8), an input validation issue in UI component properties. The expression-binding function does not validate component schema properties, so malicious actors could inject arbitrary JavaScript code during component rendering and building. Authenticated users with component creation/modification privileges are at risk. The issue is resolved in version 2.20.3, and upgrading to 2.20.3 is crucial to mitigate the risk. Users should also patch any forked or derived code. Contact [email protected] for security inquiries.
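
One way to check a project against the affected range, as an added example that is not part of the advisory or AWS's code: it walks the `packages` map of an npm lockfile and flags entries below 2.20.3. The scoped package names and the sample lockfile are assumptions constructed for illustration.

```javascript
const FIXED = [2, 20, 3]; // first fixed release, per the advisory
// Assumption: the page names only "amplify-codegen-ui"; the scoped npm names are assumed.
const WATCHED = new Set([
  "amplify-codegen-ui",
  "@aws-amplify/codegen-ui",
  "@aws-amplify/codegen-ui-react",
]);

// Returns "affected", "fixed", or "unknown" for a version string.
function classify(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(version));
  if (!m) return "unknown"; // git URLs, tags, missing fields: review by hand
  const core = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (core[i] !== FIXED[i]) return core[i] < FIXED[i] ? "affected" : "fixed";
  }
  // Same core as the fix: a prerelease (2.20.3-beta.1) sorts before 2.20.3
  // in semver, so it is flagged conservatively.
  return m[4] ? "affected" : "fixed";
}

// Walks the "packages" map of an npm lockfile (lockfileVersion 2 or 3),
// including nested node_modules copies pulled in transitively.
function findAffected(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (!WATCHED.has(name)) continue;
    const status = classify(meta.version);
    if (status !== "fixed") findings.push({ path, version: meta.version, status });
  }
  return findings;
}

// Constructed sample lockfile fragment, not taken from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@aws-amplify/codegen-ui": { version: "2.20.3" },
    "node_modules/@aws-amplify/codegen-ui-react": { version: "2.20.2" },
    "node_modules/tooling/node_modules/@aws-amplify/codegen-ui": { version: "2.19.0" },
    "node_modules/forked/node_modules/amplify-codegen-ui": { version: "2.20.3-beta.1" },
    "node_modules/react": { version: "18.2.0" },
  },
};

console.log(findAffected(sampleLock));
```

To scan a real project, pass the parsed contents of its `package-lock.json` to `findAffected`; entries reported as `unknown` need a manual look at the resolved source.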