HIGH 7.4

PYSEC-2023-243

Details

Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / localstack

Introduced in: 0

No fixed version published yet for localstack (pip). Pin to a known-safe version or switch to an alternative.

References

https://gxx777.github.io/localstack_v_2.3.2_Cryptographic_API_Misuse_Vulnerability.md [WEB]
https://github.com/advisories/GHSA-8633-g3ph-97rp [ADVISORY]