Insufficient Logging Affecting @hulumi/baseline package, versions <1.3.2


Severity: medium

CVSS assessment by Snyk's Security Team.

  • Snyk ID: SNYK-JS-HULUMIBASELINE-17660557
  • Published: 27 Jun 2026
  • Disclosed: 21 May 2026
  • Credit: Unknown

Introduced: 21 May 2026

CVE: not available. CWE: CWE-778

How to fix?

Upgrade @hulumi/baseline to version 1.3.2 or higher.

Overview

@hulumi/baseline is a set of hardened Pulumi baseline components for AWS and GitHub: SecureBucket, AccountFoundation, AWS organization guardrails, secure primitives, detection foundations, SecureRepository, OrgFoundation. It provides SLSA Build L3 attestation on every release.

Affected versions of this package are vulnerable to Insufficient Logging in the detection process for CloudTrail selector tampering events. An attacker can evade detection of unauthorized changes to audit logging configurations by manipulating CloudTrail event selectors.
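
The advisory does not list which events the fixed detection covers. As an added illustration (not code from @hulumi/baseline or from Snyk), the sketch below triages CloudTrail records for selector changes on a trail and raises the severity when the submitted selectors no longer record all management events. The record field layout, the trail name and the sample records are assumptions constructed for the example.

```javascript
// Added example: triage CloudTrail records for changes to a trail's selectors.
// Sample records are constructed; field names are assumed to follow the CloudTrail record format.
const SELECTOR_EVENTS = new Set(["PutEventSelectors", "PutInsightSelectors"]);

// A classic event selector keeps full management coverage only when nothing
// narrows it (the API defaults are ReadWriteType=All, IncludeManagementEvents=true).
function coversManagement(sel) {
  return sel.includeManagementEvents !== false &&
    (sel.readWriteType === undefined || sel.readWriteType === "All") &&
    (sel.excludeManagementEventSources || []).length === 0;
}

// Returns a finding for selector changes, or null for unrelated records.
function triage(record) {
  if (record.eventSource !== "cloudtrail.amazonaws.com" ||
      !SELECTOR_EVENTS.has(record.eventName)) return null;
  const params = record.requestParameters || {};
  const finding = {
    eventName: record.eventName,
    trail: params.trailName || "unknown",
    actor: (record.userIdentity || {}).arn || "unknown",
    denied: Boolean(record.errorCode), // failed attempts are still worth alerting on
    severity: "review",
    reason: "selector change: compare with the intended baseline",
  };
  const selectors = params.eventSelectors;
  if (Array.isArray(selectors) && !selectors.some(coversManagement)) {
    finding.severity = "high";
    finding.reason = "no selector records all management events";
  }
  return finding;
}

const sampleRecords = [ // constructed sample input
  { eventSource: "cloudtrail.amazonaws.com", eventName: "PutEventSelectors",
    userIdentity: { arn: "arn:aws:iam::111122223333:user/example" },
    requestParameters: { trailName: "org-trail",
      eventSelectors: [{ readWriteType: "WriteOnly", includeManagementEvents: false }] } },
  { eventSource: "cloudtrail.amazonaws.com", eventName: "PutEventSelectors",
    userIdentity: { arn: "arn:aws:iam::111122223333:role/example" },
    requestParameters: { trailName: "org-trail",
      eventSelectors: [{ readWriteType: "All", includeManagementEvents: true }] } },
  { eventSource: "cloudtrail.amazonaws.com", eventName: "PutInsightSelectors",
    errorCode: "AccessDenied", userIdentity: { arn: "arn:aws:iam::111122223333:user/example" },
    requestParameters: { trailName: "org-trail" } },
  { eventSource: "s3.amazonaws.com", eventName: "PutObject" },
];
const findings = sampleRecords.map(triage).filter(Boolean);
console.log(findings.map((f) => `${f.severity} ${f.eventName} ${f.trail} denied=${f.denied}`));
```

Requests that use advanced event selectors are reported at "review" severity here, since the sketch only evaluates classic selectors.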
