Replies: 1 comment
Thanks so much for reaching out @oscarjhk. Can you please send the relevant details of the security issue to security@localstack.cloud? This would be the best path to resolve this.
Hello,
I found a security-relevant hardening issue affecting reachable LocalStack deployments.
I do not think this is best framed as a classic bug-class vulnerability, but I believe the current default behavior should be tightened for non-local callers in some deployment setups.
I have reproduced the issue with a simple PoC, assessed the impact in reachable environments, and prepared a patch candidate. Since this repository is archived, I would like to confirm the right place to report and submit this.
Should I submit a PR to the active repository, or would you prefer that I share the technical details through a different channel first, given that the issue may be security-sensitive?
Thanks.