Vulnerability Details CVE-2021-32090
The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://blog.sonarsource.com/hack-the-stack-with-localstack
- https://portswigger.net/daily-swig/localstack-zero-day-vulnerabilities-chained-to-achieve-remote-takeover-of-local-instances
- https://blog.sonarsource.com/hack-the-stack-with-localstack
- https://portswigger.net/daily-swig/localstack-zero-day-vulnerabilities-chained-to-achieve-remote-takeover-of-local-instances
Products affected by CVE-2021-32090
-
cpe:2.3:a:localstack:localstack:0.12.6