Vulnerabilities > Localstack

DATE CVE VULNERABILITY TITLE RISK
2023-11-16 CVE-2023-48054 Improper Certificate Validation vulnerability in Localstack 2.3.2
Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.
network
high complexity
localstack CWE-295
7.4
2021-05-07 CVE-2021-32090 Command Injection vulnerability in Localstack 0.12.6
The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter.
network
low complexity
localstack CWE-77
critical
10.0
2021-05-07 CVE-2021-32091 Cross-site Scripting vulnerability in Localstack 0.12.6
A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6.
network
localstack CWE-79
4.3