PyPI package
localstack
pkg:pypi/localstack
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-48054 | — | | | <= 3.0.0 | — | Nov 16, 2023 | Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. |
| CVE-2021-32090 | — | | | < 0.12.10 | 0.12.10 | May 7, 2021 | The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter. |
| CVE-2021-32091 | — | | | <= 0.12.10 | — | May 7, 2021 | A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6. |