LocalStack is vulnerable to cross-site scripting. The vulnerability is due to not having CSRF protection. An attacker can trick a user into visiting a website with malicious Javascript code, which queries the localstack API. With modern browser protection, the attacker’s site won’t receive the result, but the attacker will be able to issue commands to the local instance.Read More