5 matches found
CVE-2026-24046
A flaw was found in Backstage. A symlink-based path traversal issue can be exploited in multiple Scaffolder actions and archive extraction utilities during template execution via malicious symlinks. An attacker with access to create and execute Scaffolder templates can read sensitive files, delet...
Symlink Attack
Overview @backstage/backend-defaults is a Backend defaults used by Backstage backend apps Affected versions of this package are vulnerable to Symlink Attack via multiple actions, including debug:log, fs:delete, and archive extraction. A user who create and execute Scaffolder templates can read,...
Path Traversal in @backstage/plugin-scaffolder-backend
Impact A malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situation also be exploited through user input when executing a...
CVE-2021-43783
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend...
CVE-2021-43783 Path Traversal in @backstage/plugin-scaffolder-backend
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend...