Aggregates CVE and security vulnerability intelligence across all localstack-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting; exposure may include vendor impact session compromise in vendor surface software deployment and vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-48054 | Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | [email protected] | 7.4 | 0.30% | 2023-11-16 | 2024-11-21 |
| CVE-2021-32091 | A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6. | [email protected] | 6.1 | 0.85% | 2021-05-07 | 2024-11-21 |
| CVE-2021-32090 | The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter. | [email protected] | 9.8 | 2.11% | 2021-05-07 | 2024-11-21 |