Skip to main content

Localstack

3 CVEs product

Monthly

CVE-2023-48054 PyPI HIGH This Week

Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Localstack
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2021-32091 PyPI MEDIUM POC PATCH This Month

A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Localstack
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-32090 PyPI CRITICAL POC PATCH Act Now

The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Localstack
NVD
CVSS 3.1
9.8
EPSS
2.1%
EPSS 0% CVSS 7.4
HIGH This Week

Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Localstack
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Localstack
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Localstack
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy