8 matches found
CVE-2026-24047
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...
CVE-2026-24047
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...
CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...
CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...
CVE-2026-24047
CVE-2026-24047 affects Backstage: @backstage/cli-common relies on resolveSafeChildPath in @backstage/backend-plugin-api, which before v0.1.17 failed to validate symlink chains and dangling symlinks. This allowed path traversal via symlink chains (e.g., link1 → link2 → /outside) and dangling symli...
@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass
Impact The resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is used to prevent path traversal attacks, failed to properly validate symlink chains and dangling symlinks. An attacker could bypass the path validation by: 1. Symlink chains: Creating link1 → link2 → /outsi...
@backstage/backend-app-api (>=0.0.0-nightly-20241221023113 <=1.4.0-next.1), @backstage/backend-defaults (>=0.0.0-nightly-20241120023536 <=0.15.0-next.2) +111 more potentially affected by CVE-2026-24047 via @backstage/backend-plugin-api (>=1.0.1-next.0 <=1.6.0)
@backstage/backend-plugin-api NPM version =1.0.1-next.0, =0.0.0-nightly-20241221023113, =0.0.0-nightly-20241120023536, =0.0.0-nightly-20241120023536, =0.2.0-next.1, =0.0.0-nightly-20241221023113, =0.0.0-nightly-20241121023535, =0.1.26-next.1, =0.0.0-nightly-20250225023230, =0.3.1-next.1,...
PT-2026-3876
Name of the Vulnerable Software and Affected Versions Backstage versions prior to 0.1.17 Description The resolveSafeChildPath utility function in @backstage/backend-plugin-api did not properly validate symlink chains and dangling symlinks, leading to a path traversal issue. An attacker could bypa...