3 matches found
CVE-2023-35926 Insecure sandbox in Backstage Scaffolder plugin
Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been vm2, but in light of several past vulnerabilities and...
CVE-2023-35926 Insecure sandbox in Backstage Scaffolder plugin
Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been vm2, but in light of several past vulnerabilities and...
CVE-2023-35926
The CVE-2023-35926 issue affects Backstage: the scaffolder-backend plugin used a sandboxed templating library that previously relied on vm2 and recently switched to a different sandbox. The vulnerability arises when a malicious actor with write access to a registered scaffolder template can manip...