Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/localstack@0.5.3

Type pypi

Namespace

Name localstack

Version 0.5.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.0.0.post1

Latest_non_vulnerable_version 3.0.0.post1

Affected_by_vulnerabilities

url VCID-7bbn-p22w-dqc5

vulnerability_id VCID-7bbn-p22w-dqc5

summary Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-48054

reference_id

reference_type

scores

value	0.0014
scoring_system	epss
scoring_elements	0.34036
published_at	2026-06-12T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.33859
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-48054

reference_url

https://github.com/advisories/GHSA-8633-g3ph-97rp

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8633-g3ph-97rp

reference_url

https://github.com/localstack/localstack

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/localstack/localstack

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/localstack/PYSEC-2023-243.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/localstack/PYSEC-2023-243.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-48054

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-48054

reference_url

https://gxx777.github.io/localstack_v_2.3.2_Cryptographic_API_Misuse_Vulnerability.md

reference_id

localstack_v_2.3.2_Cryptographic_API_Misuse_Vulnerability.md

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-29T14:54:38Z/

url

https://gxx777.github.io/localstack_v_2.3.2_Cryptographic_API_Misuse_Vulnerability.md

fixed_packages

url	pkg:pypi/localstack@3.0.0.post1
purl	pkg:pypi/localstack@3.0.0.post1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/localstack@3.0.0.post1

aliases CVE-2023-48054, GHSA-8633-g3ph-97rp, PYSEC-2023-243

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7bbn-p22w-dqc5

url VCID-g51t-twvs-b3d4

vulnerability_id VCID-g51t-twvs-b3d4

summary The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32090

reference_id

reference_type

scores

value	0.00424
scoring_system	epss
scoring_elements	0.62613
published_at	2026-06-11T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.62714
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32090

reference_url

https://blog.sonarsource.com/hack-the-stack-with-localstack

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://blog.sonarsource.com/hack-the-stack-with-localstack

reference_url

https://github.com/advisories/GHSA-hpr6-f4vq-mxch

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-hpr6-f4vq-mxch

reference_url

https://github.com/localstack/localstack

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/localstack/localstack

reference_url

https://github.com/localstack/localstack/commit/01cd169ae5d077693d4c1a4679a95e30b8d44d54

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/localstack/localstack/commit/01cd169ae5d077693d4c1a4679a95e30b8d44d54

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/localstack/PYSEC-2021-101.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/localstack/PYSEC-2021-101.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-32090

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-32090

reference_url

https://portswigger.net/daily-swig/localstack-zero-day-vulnerabilities-chained-to-achieve-remote-takeover-of-local-instances

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://portswigger.net/daily-swig/localstack-zero-day-vulnerabilities-chained-to-achieve-remote-takeover-of-local-instances

fixed_packages

url pkg:pypi/localstack@0.12.6.1

purl pkg:pypi/localstack@0.12.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7bbn-p22w-dqc5

vulnerability	VCID-g51t-twvs-b3d4

vulnerability	VCID-qrra-fj1x-kucf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/localstack@0.12.6.1

url pkg:pypi/localstack@0.12.10

purl pkg:pypi/localstack@0.12.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7bbn-p22w-dqc5

vulnerability	VCID-qrra-fj1x-kucf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/localstack@0.12.10

aliases CVE-2021-32090, GHSA-hpr6-f4vq-mxch, PYSEC-2021-101

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g51t-twvs-b3d4

url VCID-qrra-fj1x-kucf

vulnerability_id VCID-qrra-fj1x-kucf

summary A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32091

reference_id

reference_type

scores

value	0.0024
scoring_system	epss
scoring_elements	0.47527
published_at	2026-06-11T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47668
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32091

reference_url

https://blog.sonarsource.com/hack-the-stack-with-localstack

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://blog.sonarsource.com/hack-the-stack-with-localstack

reference_url

https://github.com/advisories/GHSA-37m5-42qp-4qpr

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-37m5-42qp-4qpr

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/localstack/PYSEC-2021-102.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/localstack/PYSEC-2021-102.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-32091

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-32091

reference_url

https://portswigger.net/daily-swig/localstack-zero-day-vulnerabilities-chained-to-achieve-remote-takeover-of-local-instances

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://portswigger.net/daily-swig/localstack-zero-day-vulnerabilities-chained-to-achieve-remote-takeover-of-local-instances

fixed_packages

url pkg:pypi/localstack@0.12.6.1

purl pkg:pypi/localstack@0.12.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7bbn-p22w-dqc5

vulnerability	VCID-g51t-twvs-b3d4

vulnerability	VCID-qrra-fj1x-kucf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/localstack@0.12.6.1

url pkg:pypi/localstack@0.12.11

purl pkg:pypi/localstack@0.12.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7bbn-p22w-dqc5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/localstack@0.12.11

aliases CVE-2021-32091, GHSA-37m5-42qp-4qpr, PYSEC-2021-102

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qrra-fj1x-kucf

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/localstack@0.5.3

Package Instance