{"id":"PYSEC-2023-243","details":"Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.","aliases":["CVE-2023-48054","GHSA-8633-g3ph-97rp"],"modified":"2025-10-09T08:26:34.767288Z","published":"2023-11-16T18:15:00Z","references":[{"type":"WEB","url":"https://gxx777.github.io/localstack_v_2.3.2_Cryptographic_API_Misuse_Vulnerability.md"}],"affected":[{"package":{"name":"localstack","ecosystem":"PyPI","purl":"pkg:pypi/localstack"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0.1","0.1.10","0.1.11","0.1.12","0.1.13","0.1.14","0.1.15","0.1.17","0.1.18","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.10.0","0.10.1","0.10.1.1","0.10.1.2","0.10.1.3","0.10.1.4","0.10.2","0.10.2.1","0.10.2.2","0.10.2.3","0.10.2.4","0.10.2.5","0.10.3","0.10.3.1","0.10.3.2","0.10.4","0.10.4.1","0.10.4.2","0.10.5","0.10.6","0.10.7","0.10.8","0.11.0","0.11.0.1","0.11.0.2","0.11.0.3","0.11.0.4","0.11.0.5","0.11.1","0.11.1.1","0.11.2","0.11.3","0.11.3.1","0.11.3.2","0.11.3.3","0.11.4","0.11.5","0.11.6","0.12.0","0.12.1","0.12.10","0.12.11","0.12.12","0.12.13","0.12.13.1","0.12.14","0.12.15","0.12.15.1","0.12.16","0.12.16.1","0.12.16.2","0.12.17","0.12.17.1","0.12.17.2","0.12.17.3","0.12.17.4","0.12.17.5","0.12.18","0.12.18.1","0.12.18.2","0.12.18.3","0.12.18.4","0.12.18.5","0.12.19","0.12.19.1","0.12.19.2","0.12.19.3","0.12.19.4","0.12.2","0.12.20","0.12.3","0.12.4","0.12.5","0.12.6","0.12.6.1","0.12.7","0.12.8","0.12.9","0.12.9.1","0.13.0","0.13.0.1","0.13.0.10","0.13.0.11","0.13.0.2","0.13.0.3","0.13.0.4","0.13.0.5","0.13.0.6","0.13.0.7","0.13.0.8","0.13.0.9","0.13.1","0.13.1.1","0.13.1.2","0.13.2","0.13.2.1","0.13.3","0.13.3.1","0.13.3.2","0.13.3.3","0.13.3.4","0.13.3.5","0.13.3.6","0.14.0","0.14.0.1","0.14.0.10","0.14.0.2","0.14.0.3","0.14.0.4","0.14.0.5","0.14.0.6","0.14.0.7","0.14.0.8","0.14.0.9","0.14.1","0.14.1.1","0.14.1.2","0.14.1.3","0.14.2","0.14.2.1","0.14.2.10","0.14.2.11","0.14.2.2","0.14.2.3","0.14.2.4","0.14.2.5","0.14.2.6","0.14.2.7","0.14.2.8","0.14.2.9","0.14.3","0.14.3.1","0.14.3.2","0.14.3.3","0.14.3.4","0.14.3.5","0.14.3.6","0.14.4","0.14.5","0.2.0","0.2.1","0.2.10","0.2.11","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8","0.2.9","0.3.0","0.3.10","0.3.11","0.3.2","0.3.3","0.3.4","0.3.5","0.3.6","0.3.7","0.3.8","0.3.9","0.4.0","0.4.1","0.4.2","0.4.3","0.5.0","0.5.1","0.5.2","0.5.2.1","0.5.2.2","0.5.2.3","0.5.3","0.5.3.1","0.5.4","0.5.5","0.6.0.1","0.6.0.2","0.6.1","0.6.1.1","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.4.1","0.7.4.2","0.7.4.3","0.7.5","0.8.0","0.8.1","0.8.10","0.8.2","0.8.3","0.8.4","0.8.5","0.8.6","0.8.6.1","0.8.6.2","0.8.7","0.8.8","0.8.9","0.9.0","0.9.1","0.9.2","0.9.4","0.9.5","0.9.6","1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.1.0","1.2.0","1.3.0","1.3.1","1.3.1.dev20221207092718","1.3.1.dev20221208144623","1.3.2.dev20221219124041","1.3.2.dev20230104092258","1.3.2.dev20230111091637","1.3.2.dev20230116082152","1.3.2.dev20230123090109","1.3.2.dev20230123214937","1.3.2.dev20230204140326","1.3.2.dev20230204140327","1.3.2.dev20230206202801","1.4.0","1.4.0.dev1","1.4.0.dev20230211183227","1.4.1.dev20230214124715","1.4.1.dev20230214162849","1.4.1.dev20230215143756","1.4.1.dev20230215215857","1.4.1.dev20230215233822","1.4.1.dev20230220091228","1.4.1.dev20230221142230","1.4.1.dev20230221181016","1.4.1.dev20230227100713","1.4.1.dev20230227122659","1.4.1.dev20230228121159","1.4.1.dev20230228153910","1.4.1.dev20230228165600","1.4.1.dev20230228191548","1.4.1.dev20230228201659","1.4.1.dev20230301120556","1.4.1.dev20230301143008","1.4.1.dev20230302141202","1.4.1.dev20230302172423","1.4.1.dev20230302214333","1.4.1.dev20230306122035","1.4.1.dev20230306184751","1.4.1.dev20230306202231","1.4.1.dev20230307094505","1.4.1.dev20230307143506","1.4.1.dev20230309160820","1.4.1.dev20230309223540","1.4.1.dev20230311163149","1.4.1.dev20230311211518","1.4.1.dev20230312125929","1.4.1.dev20230312163603","1.4.1.dev20230312230254","1.4.1.dev20230313075537","1.4.1.dev20230313111050","1.4.1.dev20230313203914","1.4.1.dev20230314103021","1.4.1.dev20230314152116","1.4.1.dev20230314222630","1.4.1.dev20230315082709","1.4.1.dev20230315122031","1.4.1.dev20230315151741","1.4.1.dev20230315213450","1.4.1.dev20230315213523","1.4.1.dev20230315213526","1.4.1.dev20230316110724","1.4.1.dev20230316145113","1.4.1.dev20230316165503","1.4.1.dev20230316173106","1.4.1.dev20230317001446","1.4.1.dev20230317162916","1.4.1.dev20230317211957","1.4.1.dev20230318000729","1.4.1.dev20230319154304","1.4.1.dev20230320072715","1.4.1.dev20230320115709","1.4.1.dev20230320190736","1.4.1.dev20230320193711","1.4.1.dev20230321152751","1.4.1.dev20230321182210","1.4.1.dev20230321184038","1.4.1.dev20230321204209","1.4.1.dev20230321210147","1.4.1.dev20230321212802","1.4.1.dev20230322123811","1.4.1.dev20230322164127","1.4.1.dev20230322164919","1.4.1.dev20230322192706","1.4.1.dev20230322193941","1.4.1.dev20230323084710","1.4.1.dev20230323123259","2.0.0","2.0.0.dev20230324141211","2.0.0.dev20230329104442","2.0.0.dev20230329200602","2.0.0.dev20230330122648","2.0.0.post1","2.0.1","2.0.1.dev20230331110744","2.0.2","2.0.3.dev20230516084829","2.0.3.dev20230523065743","2.1.0","2.1.1.dev20230605083031","2.1.1.dev20230621080533","2.1.1.dev20230708135750","2.2.0","2.2.1.dev20230805180111","2.2.1.dev20230808110233","2.2.1.dev20230810214345","2.2.1.dev20230812232603","2.2.1.dev20230901192724","2.2.1.dev20230906090453","2.2.1.dev20230915092530","2.2.1.dev20230915133353","2.2.1.dev20230919235829","2.3.0","2.3.1","2.3.2","2.3.3.dev20231017221844","2.3.3.dev20231115131756","2.3.3.dev20231116102714","3.0.0","3.0.0.post1","3.0.0.post2","3.0.0.post3","3.0.0.post4","3.0.1","3.0.2.dev20231126120730","3.0.2","3.0.3.dev20240104104007","3.0.3.dev20240104111550","3.0.3.dev20240125101425","3.1.0","3.1.1.dev20240205105529","3.1.1.dev20240228030630","3.2.0","3.2.1.dev20240325141649","3.2.1.dev20240325164039","3.2.1.dev20240327073347","3.2.1.dev20240327140239","3.2.1.dev20240328125316","3.3.0","3.3.1.dev20240419073811","3.3.1.dev20240424163921","3.4.0","3.4.1.dev20240612220525","3.4.1.dev20240613052142","3.5.0","3.5.1.dev20240717113316","3.5.1.dev20240718085020","3.5.1.dev20240718105800","3.5.1.dev20240719061349","3.5.1.dev20240724124129","3.5.1.dev20240725060804","3.6.0","3.6.1.dev20240726125140","3.6.1.dev121","3.6.1.dev131","3.7.0","3.7.1.dev1","3.7.1","3.7.2.dev1","3.7.2","3.7.3.dev1","3.7.3.dev55","3.7.3.dev92","3.7.3.dev93","3.8.0","3.8.1.dev1","3.8.1","3.8.2.dev1","3.8.2.dev11","4.0.0","4.0.1","4.0.1.dev1","4.0.2","4.0.2.dev1","4.0.3","4.0.3.dev1","4.0.4.dev1","4.0.4.dev172","4.1.0","4.1.1","4.1.1.dev1","4.1.2.dev1","4.1.2.dev104","4.1.2.dev52","4.1.2.dev58","4.2.0","4.2.1.dev1","4.2.1.dev126","4.2.1.dev138","4.3.0","4.3.1.dev1","4.3.1.dev151","4.3.1.dev172","4.3.1.dev194","4.3.1.dev58","4.4.0","4.4.1.dev1","4.4.1.dev123","4.5.0","4.5.1.dev1","4.5.1.dev112","4.5.1.dev140","4.5.1.dev41","4.6.0","4.6.1.dev1","4.6.1.dev132","4.6.1.dev152","4.6.1.dev174","4.7.0","4.7.1.dev1","4.7.1.dev123","4.7.1.dev195","4.7.1.dev228","4.7.1.dev233","4.8.0","4.8.1","4.8.1.dev1","4.8.1.dev21","4.8.2.dev1","4.8.2.dev26","4.8.2.dev40","4.8.2.dev79","4.8.2.dev83","4.9.0","4.9.1","4.9.1.dev1","4.9.2","4.9.2.dev1","4.9.3.dev1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/localstack/PYSEC-2023-243.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}