athena-sqlite icon indicating copy to clipboard operation
athena-sqlite copied to clipboard

Published 20 hours ago • verified publisher icon dacort

AWS SAR vulnerability in README.md

Open johspaeth opened this issue 3 years ago • 0 comments

Hi @dacort

the README states that deployment is done using AWS SAR. There has been a recent cross-account vulnerability related to AWS SAR and your repo may be affected. In the blog post, you find an explanation, as well as a short explanation of what needs to be fixed.

As your README deployment contains the vulnerability, I suggest updating it. To prevent the vulnerability, you need to add a block

            Condition:
              StringEquals:
                "aws:SourceAccount":  <AWS::AccountId>

johspaeth avatar Sep 25 '21 08:09 johspaeth