GHSA-928R-FM4V-MVRW TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution

Impact This is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an...

EUVD-2021-1373

Malware in sbrugna...

EUVD-2021-1371

Malware in sbrugna...

EUVD-2024-2722

Malicious code in bioql PyPI...

CVE-2021-32660

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of @backstage/tehdocs-common prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These...

CVE-2021-32662

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In @backstage/techdocs-common versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is buil...

Cross-site Scripting (XSS)

@backstage/plugin-techdocs-backend is vulnerable to Cross-Site Scripting XSS. The vulnerability is caused due to improper handling of content in TechDocs storage buckets, allowing an attacker to inject executable scripts that are executed in the victim's browser when viewing documentation or...