Lucene search

PRIOn knowledge basePRION:CVE-2023-35926

HistoryJun 22, 2023 - 2:15 p.m.

Code injection

2023-06-2214:15:00

PRIOn knowledge base

www.prio-n.com

backstage

code injection

plugin

vm2

sandbox

vulnerabilities

remote code execution

template yaml

fixed

version 1.15.0

nvd

9.9 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.9%

JSON

Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been vm2, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data. This is vulnerability is fixed in version 1.15.0 of @backstage/plugin-scaffolder-backend.

CPENameOperatorVersion
backstagelt1.15.0

CPE	Name	Operator	Version
	backstage	lt	1.15.0

References

github.com/backstage/backstage/commit/fb7375507d56faedcb7bb3665480070593c8949a

github.com/backstage/backstage/releases/tag/v1.15.0

github.com/backstage/backstage/security/advisories/GHSA-wg6p-jmpc-xjmr