CVE-2026-29184

Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4...

CVE-2026-29184

Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4...

CVE-2026-29184 @backstage/plugin-scaffolder-backend: Potential Session Token Exfiltration via Log Redaction Bypass

Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4...

PT-2026-23439

Name of the Vulnerable Software and Affected Versions Backstage versions prior to 3.1.4 Description Backstage is a framework for building developer portals. A malicious scaffolder template can bypass the log redaction mechanism, potentially exposing secrets provided through task event logs. The...

EUVD-2021-2554

Malware in sbrugna...

EUVD-2023-1899

Malicious code in bioql PyPI...

CVE-2021-43783

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend...

GHSA-MG3M-F475-28HV Path Traversal in @backstage/plugin-scaffolder-backend

Impact A malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situation also be exploited through user input when executing a...

Path Traversal in @backstage/plugin-scaffolder-backend

Impact A malicious actor could read sensitive files from the environment where Scaffolder tasks are run. The attack is executed by crafting a custom Scaffolder template with a publish:github:pull-request action using a particular source path. When the template is executed the sensitive files woul...

GHSA-PVV8-8FX9-H673 Path Traversal in @backstage/plugin-scaffolder-backend

Impact A malicious actor could read sensitive files from the environment where Scaffolder tasks are run. The attack is executed by crafting a custom Scaffolder template with a publish:github:pull-request action using a particular source path. When the template is executed the sensitive files woul...

CVE-2021-41151

Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a github:publish:pull-request action and a...

backstage 路径遍历漏洞

backstage is a software application. Backstage is an open platform for building developer portals Backstage suffers from a path traversal vulnerability that stems from the ability to read sensitive files from an environment running Scaffolder Tasks. The attack is executed by crafting a custom...