8 matches found
@backstage/plugin-techdocs (>=0.0.0-nightly-2021242250 <=0.0.0-nightly-2020112923923), @backstage/plugin-techdocs-backend (>=0.0.0-nightly-2021112332 <=0.14.1) +1 more potentially affected by unknown CVE via @backstage/techdocs-common (>=0.0.0-nightly-20220923026 <=0.11.15)
@backstage/techdocs-common NPM version =0.0.0-nightly-20220923026, =0.0.0-nightly-2021242250, =0.0.0-nightly-2021112332, =0.0.0-nightly-2022122206, =0.8.16 Source cves: unknown CVE Source advisory: OSV:GHSA-4JQC-JVH2-PXG9...
@backstage-community/plugin-techdocs-backend-module-confluence (>=0.2.0 <=0.2.1), @backstage/plugin-search-backend-module-techdocs (>=0.0.0-nightly-20230323021924 <=0.4.14-next.1) +12 more potentially affected by unknown CVE via @backstage/plugin-techdocs-node (>=0.0.0-nightly-20220315022536 <=1.1.2-next.2)
@backstage/plugin-techdocs-node NPM version =0.0.0-nightly-20220315022536, =0.2.0, =0.0.0-nightly-20230323021924, =0.0.0-nightly-202111212297, =0.0.0-nightly-20220305022735, =1.0.0, =1.6.0, =0.0.4, =1.9.1, =1.0.1, =1.0.1, =0.0.0-nightly-2022122206, =0.1.5, =0.1.2, =1.1.0 Source cves: unknown CVE...
@backstage/plugin-catalog (>=0.0.0-nightly-202011242419 <=0.2.9), @backstage/plugin-techdocs (>=0.0.0-nightly-2021242250 <=0.7.0) +2 more potentially affected by CVE-2021-32660 via @backstage/techdocs-common (>=0.0.0-nightly-20220923026 <=0.5.1)
@backstage/techdocs-common NPM version =0.0.0-nightly-20220923026, =0.0.0-nightly-202011242419, =0.0.0-nightly-2021242250, =0.0.0-nightly-2021112332, =0.0.0-nightly-2022122206, =0.8.16 Source cves: CVE-2021-32660 Source advisory: OSV:GHSA-PWHF-39XG-4RXW...
Path traversal
Impact: A malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for docs_dir in mkdocs.yml. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that ...
@backstage/plugin-catalog (>=0.0.0-nightly-202011242419 <=0.2.9), @backstage/plugin-techdocs (>=0.0.0-nightly-2021242250 <=0.7.0) +2 more potentially affected by CVE-2021-32662 via @backstage/techdocs-common (>=0.0.0-nightly-20220923026 <=0.5.1)
@backstage/techdocs-common NPM version =0.0.0-nightly-20220923026, =0.0.0-nightly-202011242419, =0.0.0-nightly-2021242250, =0.0.0-nightly-2021112332, =0.0.0-nightly-2022122206, =0.8.16 Source cves: CVE-2021-32662 Source advisory: OSV:GHSA-PGF8-28GG-VPR6...
GHSA-PGF8-28GG-VPR6 Path traversal
Impact: A malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for docs_dir in mkdocs.yml. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that ...
CVE-2021-32662 TechDocs mkdocs.yml path traversal
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In @backstage/techdocs-common versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is buil...
Techdocs-common path traversal vulnerability
NPM Techdocs-common is a package from npm USA. A path traversal vulnerability exists in Techdocs-common, which allows an attacker to read sensitive files from the environment where TechDocs documents are built and distributed by setting a specific path to "docs_dir" in "mkdocs.yml"...