Security researcher Barak Tawily has discovered a severe vulnerability in StackStorm. The flaw could be exploited by a remote attacker to trick developers into executing arbitrary commands on targeted services. The vulnerability was tied to the way the StackStorm REST API improperly handled CORS (cross-origin resource sharing) headers, allowing web browsers to perform cross-domain requests on behalf of authenticated users/developers. StackStorm has been used to automate workflows in many industries; it allows developers to configure actions, workflows, and scheduled tasks.
Source: https://securityaffairs.co/wordpress/82259/security/stackstorm-rce-flaw.html
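
The class of issue described above, shown as an added example that is not taken from the article or from StackStorm's code: a handler that trusts the request's `Origin` next to an exact-match allowlist, plus an audit function for the resulting response headers. The article does not give the exact header behaviour, so the weak handler, the allowlist hostname and all function names are assumptions made for illustration.

```python
# Constructed allowlist; the hostname is a placeholder, not a real deployment.
ALLOWED_ORIGINS = frozenset({"https://st2.example.internal"})


def weak_cors_headers(origin):
    """Misconfigured pattern: any Origin the browser sends is echoed back."""
    if not origin:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def strict_cors_headers(origin, allowed=ALLOWED_ORIGINS):
    """Exact-match allowlist; unknown origins receive no CORS headers at all."""
    if origin in allowed:
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}  # keep caches from reusing it for other origins
    return {}


def audit_cors(probe_origin, headers, allowed=ALLOWED_ORIGINS):
    """Return findings for the headers a server sent in reply to probe_origin."""
    acao = headers.get("Access-Control-Allow-Origin")
    if acao is None or acao in allowed:
        return []
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao == "*":
        issue = "wildcard origin"
    elif acao == "null":
        issue = "opaque 'null' origin allowed"
    elif acao == probe_origin:
        issue = "untrusted Origin reflected"
    else:
        issue = "origin outside allowlist"
    return [issue + (" with credentials" if creds else "")]


if __name__ == "__main__":
    probe = "https://untrusted.example"  # constructed test origin
    for name, fn in (("weak", weak_cors_headers), ("strict", strict_cors_headers)):
        print(name, audit_cors(probe, fn(probe)) or "no findings")
```
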

