CVE-2023-48054

HIGH

localstack 2.3.2 - Missing SSL Certificate Validation

Title source: llm

Description

Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.

References (1)

Core 1

Core References

Third Party Advisory

https://gxx777.github.io/localstack_v_2.3.2_Cryptographic_API_Misuse_Vulnerability.md

Scores

CVSS v3 7.4

EPSS 0.0014

EPSS Percentile 33.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-295

Status published

Products (2)

localstack/localstack 2.3.2

pypi/localstack 0PyPI

Published Nov 16, 2023

Tracked Since Feb 18, 2026