Tag
#@hulumi/policies
blog HIGH 8.3
Understanding the @hulumi/policies Vulnerability: Bypassing IAM Role Policy Checks with Multiple OIDC Providers
A vulnerability in @hulumi/policies allows IAM roles with multiple OIDC providers to bypass policy checks, potentially leading to overly permissive access. The issue was fixed in version 1.4.0.
news HIGH 8.4
@hulumi/policies vulnerability allows bypassing policy packs with forged Pulumi-URN logical name
A high-severity vulnerability in @hulumi/policies allows developers to bypass mandatory hardening checks by naming resources with a trusted substring, affecting multiple cloud providers.