6 matches found
CVE-2021-43783
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend...
@backstage/plugin-scaffolder-backend-module-confluence-to-markdown (>=0.0.0-nightly-20230325022054 <=0.0.0-nightly-20230801022410), @backstage/plugin-scaffolder-backend-module-cookiecutter (>=0.0.0-nightly-2022122206 <=0.1.0) +3 more potentially affected by CVE-2021-43783 via @backstage/plugin-scaffolder-backend (>=0.0.0-nightly-20220708025041 <=0.14.2)
@backstage/plugin-scaffolder-backend NPM version =0.0.0-nightly-20220708025041, =0.0.0-nightly-20230325022054, =0.0.0-nightly-2022122206, =0.0.0-nightly-2022122206, =0.0.0-nightly-20230112022659, =0.0.0-nightly-2022122206, =0.0.0-nightly-20230123022600 Source cves: CVE-2021-43783 Source advisory:...
CVE-2021-43783
creationtimestamp| type| source ---|---|--- 2021-11-29 22:33:31+00:00| seen| https://t.me/cibsecurity/33053...
CVE-2021-43783
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend...
CVE-2021-43783 Path Traversal in @backstage/plugin-scaffolder-backend
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend...
CVE-2021-43783
CVE-2021-43783 affects the Backstage scaffolder backend: in affected versions, a malicious actor with write access to a registered scaffolder template can manipulate the template to write files to arbitrary paths on the scaffolder-backend host. In some cases, exploitation is possible via user inp...