Critical severityNVD Advisory· Published May 7, 2021· Updated Aug 3, 2024
CVE-2021-32090
CVE-2021-32090
Description
The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
localstackPyPI | < 0.12.10 | 0.12.10 |
Affected products
2- StackLift/LocalStackdescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-hpr6-f4vq-mxchghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-32090ghsaADVISORY
- blog.sonarsource.com/hack-the-stack-with-localstackghsax_refsource_MISCWEB
- github.com/localstack/localstack/commit/01cd169ae5d077693d4c1a4679a95e30b8d44d54ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/localstack/PYSEC-2021-101.yamlghsaWEB
- portswigger.net/daily-swig/localstack-zero-day-vulnerabilities-chained-to-achieve-remote-takeover-of-local-instancesghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.