localstack
Chainguard
Status
Impact
This CVE is a transitive dependency brought in via a Customized LocalStack version of the AWS Lambda Runtime Interface Emulator (RIE) defined here in localstack’s lambda-runtime-init repo https://github.com/localstack/lambda-runtime-init/blob/0b2b5bebe96aa1e94d9bdb1138f0eff61a30d5fb/go.mod#L28 Due to the way logstack compiles this lambda runtime at build, we must wait for upstream maintainers to release a version containing the fix
Status