Company
Date Published
Author
Dennis Brinkrolf
Word count
1533
Language
English
Hacker News points
None

Summary

LocalStack is a popular open-source application that provides an easy-to-use test framework for cloud applications, allowing developers to host a fully functional AWS cloud setup on their local network for developing and testing cloud and serverless apps. However, security researchers recently discovered critical code vulnerabilities in the latest LocalStack version, 0.12.6, including OS Command Injection, Server-Side Request Forgery, Cross-Site Scripting, and Denial of Service via regular expressions. These vulnerabilities can be chained to compromise a local instance and execute arbitrary system commands: because LocalStack exposes no authentication, an attacker can interact with an instance running on a developer's machine remotely, for example through cross-site HTTP requests issued from a web page the developer visits. The vulnerabilities also allow an attacker to add a man-in-the-middle proxy to LocalStack, enabling abuse of further features and triggering other code vulnerabilities. The security researchers reported these issues responsibly to the vendor, but the issues were left unpatched because the vendor considered the attack scenario limited. Despite this, the researchers emphasize the importance of awareness among developers, both to protect their own setups and to write secure code for their own applications.