@hulumi/policies vulnerability allows bypassing policy packs with forged Pulumi-URN logical name
A high-severity vulnerability in @hulumi/policies allows developers to bypass mandatory hardening checks by naming resources with a trusted substring, affecting multiple cloud providers.