10 matches found

EUVD
added 2026/03/12 2:51 p.m. · 4 views

EUVD-2026-11675

@backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint...

CVSS 4.4 · AI score 5.8 · EPSS 0.00242
Exploits: 0 · References: 2

vulnersOsv
added 2024/12/02 9:36 p.m. · 9 views

@backstage/backend-dynamic-feature-service (>=0.0.0-nightly-20241120023536 <=0.5.1-next.0), @backstage/plugin-scaffolder-backend (>=0.0.0-nightly-20241120023536 <=1.28.0-next.0) +11 more potentially affected by CVE-2024-53983 via @backstage/plugin-scaffolder-node (>=0.6.0 <=0.6.1-next.0)

@backstage/plugin-scaffolder-node NPM version =0.6.0, =0.0.0-nightly-20241120023536, =0.0.0-nightly-20241120023536, =0.0.0-nightly-20241120023536, =0.1.16-next.0 Source cves: CVE-2024-53983 Source advisory: OSV:GHSA-QMC2-JPR5-7RG9...

CVSS 5.4 · AI score 5.8 · EPSS 0.00368
Exploits: 0

Vulnrichment
added 2024/11/29 6:53 p.m. · 8 views

CVE-2024-53983 Server-side request forgery in Backstage Scaffolder plugin

The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection (SSTI) can be exploited to perform Git config injection. The vulnerability allows an...

CVSS 5.4 · AI score 7.3 · EPSS 0.00368
Exploits: 0 · References: 2

Veracode
added 2023/06/27 2:16 p.m. · 20 views

Arbitrary Code Injection

@backstage/plugin-scaffolder-backend is vulnerable to Arbitrary Code Injection. The vulnerability exists due to sandbox bypass in ScaffolderEntitiesProcessor.js, which allows an attacker with write access to a registered scaffolder template to inject code through the YAML template definition...

CVSS 9.9 · AI score 7.1 · EPSS 0.01888
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2023/06/22 2:15 p.m. · 26 views

CVE-2023-35926

Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, as it by design allows for code injection. The library used for this sandbox so far has been vm2, but in light of several past vulnerabilities and...

CVSS 9.9 · AI score 9 · EPSS 0.01888
Exploits: 0 · References: 3

Positive Technologies
added 2023/06/21 12:0 a.m. · 4 views

PT-2023-25385 · Npm · @Backstage/Plugin-Scaffolder-Backend

Name of the Vulnerable Software and Affected Versions: @backstage/plugin-scaffolder-backend versions prior to 1.15.0 Description: The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, allowing for code injection. A malicious actor with write access to a...

CVSS 9.9 · AI score 9.8 · EPSS 0.01888
Exploits: 0 · References: 7

Github Security Blog
added 2021/12/01 6:29 p.m. · 16 views

RCE vulnerability affecting v1beta3 templates in @backstage/plugin-scaffolder-backend

The templating library used by the scaffolder backend assumes that templates are trusted, which is an undesired property of the scaffolder-backend. This has now been mitigated by sandboxing the template code execution. Impact: A malicious actor with write access to a registered scaffolder template...

AI score 1.4
Exploits: 0 · References: 2 · Affected Software: 1

Github Security Blog
added 2021/12/01 6:28 p.m. · 46 views

Path Traversal in @backstage/plugin-scaffolder-backend

Impact: A malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situations also be exploited through user input when executing a...

CVSS 8.5 · AI score 2.3 · EPSS 0.01206
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2021/11/29 7:20 p.m. · 24 views

CVE-2021-43783 Path Traversal in @backstage/plugin-scaffolder-backend

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend...

CVSS 8.5 · AI score 8.5 · EPSS 0.01206
Exploits: 0 · References: 2

NVD
added 2021/10/18 9:15 p.m. · 12 views

CVE-2021-41151

Backstage is an open platform for building developer portals. In affected versions a malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a github:publish:pull-request action and a...

CVSS 6.8 · EPSS 0.01273
Exploits: 0 · References: 2