policies

CVEs (3)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-48034	Hulumi policies	hig	0.38	—	—	Jun 10, 2026	Affected: `@hulumi/policies` `< 1.4.0` — Fixed in: `1.4.0` — Severity: High — CWE-284 (Improper Access Control) #### Summary HULUMI-H1 forbids raw `aws:s3:Bucket` outside of Hulumi's `SecureBucket` component, with one exemption: a raw bucket that's a…
CVE-2026-48033	Hulumi policies	hig	0.38	—	—	Jun 10, 2026	Affected: `@hulumi/policies` `< 1.4.0` — Fixed in: `1.4.0` — Severity: High — CWE-693 (Protection Mechanism Failure) #### Summary Pulumi gives every cloud resource a structured URN that includes the resource's type chain…
CVE-2026-48032	Hulumi policies	hig	0.38	—	—	Jun 10, 2026	Affected: `@hulumi/policies` `< 1.4.0` — Fixed in: `1.4.0` — Severity: High — CWE-697 (Incorrect Comparison) #### Summary AWS IAM trust policies can list more than one federated identity provider — for example, a role that accepts BOTH GitHub Actions…

CVE-2026-48034higJun 10, 2026
Hulumi
policies
risk 0.38cvss —epss —
**Affected:** `@hulumi/policies` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-284 (Improper Access Control)** #### Summary HULUMI-H1 forbids raw `aws:s3:Bucket` outside of Hulumi's `SecureBucket` component, with one exemption: a raw bucket that's a…
CVE-2026-48033higJun 10, 2026
Hulumi
policies
risk 0.38cvss —epss —
**Affected:** `@hulumi/policies` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-693 (Protection Mechanism Failure)** #### Summary Pulumi gives every cloud resource a structured URN that includes the resource's type chain…
CVE-2026-48032higJun 10, 2026
Hulumi
policies
risk 0.38cvss —epss —
**Affected:** `@hulumi/policies` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-697 (Incorrect Comparison)** #### Summary AWS IAM trust policies can list more than one federated identity provider — for example, a role that accepts BOTH GitHub Actions…