Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/22 8:59 p.m.5 views

CVE-2026-24046

A flaw was found in Backstage. A symlink-based path traversal issue can be exploited in multiple Scaffolder actions and archive extraction utilities during template execution via malicious symlinks. An attacker with access to create and execute Scaffolder templates can read sensitive files, delet...

9.1CVSS5.8AI score0.00478EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/21 10:36 p.m.5 views

Symlink Attack

Overview @backstage/backend-defaults is a Backend defaults used by Backstage backend apps Affected versions of this package are vulnerable to Symlink Attack via multiple actions, including debug:log, fs:delete, and archive extraction. A user who create and execute Scaffolder templates can read,...

9.9CVSS5.8AI score0.00478EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/12/01 6:28 p.m.48 views

Path Traversal in @backstage/plugin-scaffolder-backend

Impact A malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situation also be exploited through user input when executing a...

8.5CVSS2.3AI score0.01206EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/11/29 8:15 p.m.13 views

CVE-2021-43783

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend...

8.5CVSS8.3AI score
Exploits0References2
Cvelist
Cvelist
added 2021/11/29 7:20 p.m.32 views

CVE-2021-43783 Path Traversal in @backstage/plugin-scaffolder-backend

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend...

8.5CVSS8.5AI score0.01206EPSS
Exploits0References2
Rows per page
Query Builder