@hulumi/policies bypasses policy packs with a forged Pulumi-URN logical name

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-693 Protection Mechanism Failure Summary Pulumi gives every cloud resource a structured URN that includes the resource's type chain hulumi:baseline:aws:SecureBucket$aws:s3/bucketV2:BucketV2 and the logical name the develope...

EUVD-2014-4795

Malware in sbrugna...

EUVD-2008-5394

Malware in sbrugna...

EUVD-2007-4211

Malware in sbrugna...

CVE-2008-5417

HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the 1 SYS$CRELNM and 2 SYS$DELLNM system services...

Design/Logic Flaw

HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the 1 SYS$CRELNM and 2 SYS$DELLNM system services...

CVE-2007-4228

rmpvc on IBM AIX 4.3 allows local users to cause a denial of service system crash via long port logical name -l argument...