62 matches found
CVE-2021-32091
A cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6...
CVE-2021-32090
The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...
CVE-2024-56201 vulnerabilities
Vulnerabilities for packages: superset, checkov, mlflow, airflow, py3.10-vllm-cuda-11.8, py3.10-torchvision-cuda-12.3, py3.11-torchvision-cuda-12.3, kubeflow-jupyter-web-app, ansible-operator, py3.9-torchvision-cuda-11.8, kubeflow-volumes-web-app, dask-gateway, kserve, reflex, py3-jinja2,...
Missing Certificate Validation
localstack is vulnerable to Missing Certificate Validation. An attacker can eavesdrop on communications between the host and server by performing a man-in-the-middle attack...
GHSA-8633-G3PH-97RP Missing SSL certificate validation in localstack
Missing SSL certificate validation in localstack allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...
Missing SSL certificate validation in localstack
Missing SSL certificate validation in localstack allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...
CVE-2023-48054
Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...
PYSEC-2023-243
Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...
CVE-2023-48054
CVE-2023-48054 concerns missing SSL certificate validation in localstack v2.3.2, enabling a man-in-the-middle eavesdropping of communications between host and server. Connected advisories confirm the same vulnerability across sources (Red Hat, Veracode, GHSA, OSV, NVD, etc.). The provided docume...
LocalStack Security Vulnerabilities
LocalStack is an open-source cloud service emulator from LocalStack. It can be run on a laptop or in a single container in a CI environment. A security vulnerability exists in LocalStack version v2.3.2, which stems from a lack of SSL certificate validation, allowing an attacker to eavesdrop on...
Cicd-Goat - A Deliberately Vulnerable CI/CD Environment
Deliberately vulnerable CI/CD environment. Hack CI/CD pipelines, capture the flags. Created by Cider Security. Description: The CI/CD Goat project allows engineers and security practitioners to learn and practice CI/CD security through a set of 10 challenges, enacted against a real, full-blown CI/...
Server-Side Request Forgery (SSRF)
localstack is vulnerable to server-side request forgery attacks. The application does not properly handle user-supplied data, which allows a malicious user to make arbitrary requests on the internal network, resulting in sensitive information retrieval or deletion...
Cross Site Scripting (XSS)
LocalStack is vulnerable to cross-site scripting (XSS). The vulnerability exists due to a lack of sanitization of user input, which allows a remote attacker to inject and execute malicious code into the system...
Vulnerability Research Highlights 2021
At SonarSource we are constantly improving our code analyzers to help developers write Clean Code. The detection of severe code vulnerabilities plays an important role in this process so that applications are protected from attacks and security breaches. For this same reason, our research team...
GHSA-37M5-42QP-4QPR Cross-site scripting in LocalStack
A cross-site scripting (XSS) vulnerability exists in StackLift LocalStack...