Missing SSL certificate validation in localstack

GHSA-8633-g3ph-97rp · CVE-2023-48054 · PYSEC-2023-243

Published Nov 16, 2023 · Modified Jun 10, 2026

Description

Missing SSL certificate validation in localstack allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-48054
PACKAGE https://github.com/localstack/localstack
WEB https://github.com/pypa/advisory-database/tree/main/vulns/localstack/PYSEC-2023-243.yaml
WEB https://gxx777.github.io/localstack_v_2.3.2_Cryptographic_API_Misuse_Vulnerability.md

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes