9 matches found
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.8.7 release.
Red Hat Developer Hub 1.8.7 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
CVE-2026-29185 @backstage/integration: Potential reading of SCM URLs using built in token
Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that...
Directory Traversal
Overview @backstage/integration is a Helpers for managing integrations towards external systems Affected versions of this package are vulnerable to Directory Traversal via the SCM URL parsing. An attacker can access unauthorized SCM provider API endpoints by supplying specially crafted SCM URLs...
@backstage/backend-defaults (>=0.0.0-nightly-20240929023448 <=0.15.2-next.1), @backstage/backend-dynamic-feature-service (>=0.0.0-nightly-20240929023448 <=0.7.9-next.1) +80 more potentially affected by CVE-2026-29185 via @backstage/integration (>=1.15.0 <=1.20.0)
@backstage/integration NPM version =1.15.0, =0.0.0-nightly-20240929023448, =0.0.0-nightly-20240929023448, =0.0.0-nightly-20240929023448, =0.0.0-nightly-20240929023448, =0.0.0-nightly-20250614024041, =0.0.0-nightly-20240929023448, =0.0.0-nightly-20250129022746, =0.0.0-nightly-20250129022746,...
@backstage/backend-defaults (>=0.15.3-next.0 <=0.16.0-next.2), @backstage/backend-dynamic-feature-service (>=0.7.10-next.0 <=0.8.0-next.2) +70 more potentially affected by CVE-2026-29185 via @backstage/integration (>=1.21.0-next.0 <=2.0.0-next.2)
@backstage/integration NPM version =1.21.0-next.0, =0.15.3-next.0, =0.7.10-next.0, =1.11.1-next.0, =0.35.5-next.0, =0.5.9-next.0, =1.1.21-next.0, =0.15.1-next.0, =0.4.1-next.0, =0.5.1-next.0, =1.2.16-next.0, =0.13.5-next.0, =0.4.1-next.0, =0.3.8-next.0, =1.33.1-next.0, =3.5.0-next.0, =3.5.0-next....
PT-2026-23440
Name of the Vulnerable Software and Affected Versions Backstage versions prior to 1.20.1 Description Backstage is a framework for building developer portals. A flaw in how Backstage handles SCM URLs within integrations permitted path traversal sequences, even when encoded. This allowed requests t...
Wiz + Spotify Backstage: Security at the Developer’s Desk
Bring Wiz Issues directly into Backstage, so developers can act on security issues in the tools they use everyday...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.8.2 release.
Red Hat Developer Hub 1.8.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.6.4 release.
Red Hat Developer Hub 1.6.4 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...