—
PYSEC-2021-101
Details
The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / localstack
Introduced in:
0 Fixed in: 0.12.6.1 Fix
pip install --upgrade 'localstack>=0.12.6.1'