“Critical vulnerabilities in LocalStack, a popular framework for building cloud applications, can be chained to remotely take over locally-run LocalStack instances, security researchers claim. Researchers from Sonarsource have documented how they combined cross-site scripting (XSS) and server-side request forgery (SSRF) vulnerabilities to achieve OS command injection against the open source Python application.”
The rest of the article: https://portswigger.net/daily-swig/localstack-zero-day-vulnerabilities-chained-to-achieve-remote-takeover-of-local-instances