95 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-2722

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 5.6 · EPSS 0.00185
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/22 9:19 p.m. · 2 views

CVE-2021-32661

Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin @backstage/plugin-techdocs prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...

CVSS 7.3 · AI score 6.7 · EPSS 0.00444
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 9:18 p.m. · 3 views

CVE-2021-32660

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of @backstage/techdocs-common prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These...

CVSS 8.1 · AI score 6.8 · EPSS 0.00468
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 9:17 p.m. · 5 views

CVE-2021-32662

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In @backstage/techdocs-common versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is buil...

CVSS 6.5 · AI score 6.4 · EPSS 0.00484
Exploits: 0 · References: 1

Veracode
added 2024/09/19 4:49 a.m. · 4 views

Cross-site Scripting (XSS)

@backstage/plugin-techdocs-backend is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by improper handling of content in TechDocs storage buckets, allowing an attacker to inject executable scripts that are executed in the victim's browser when viewing documentation or...

CVSS 6.5 · AI score 6.1 · EPSS 0.00185
Exploits: 0 · References: 2 · Affected Software: 1

RedhatCVE
added 2024/09/17 10:42 p.m. · 11 views

CVE-2024-46976

A flaw was found in the backstage/plugin-techdocs-backend package. An attacker with control of the contents of the TechDocs storage buckets may be able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to a...

CVSS 5.4 · AI score 6.6 · EPSS 0.00185
Exploits: 0 · References: 4

OSV
added 2024/09/17 9:31 p.m. · 9 views

GHSA-5J94-F3MF-8685 @backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection

Impact: An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. Patches: This has been fixed in the...

CVSS 6.5 · AI score 5.9 · EPSS 0.00185
Exploits: 0 · References: 3

Github Security Blog
added 2024/09/17 9:31 p.m. · 17 views

@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection

Impact: An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. Patches: This has been fixed in the...

CVSS 6.5 · AI score 6.6 · EPSS 0.00185
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2024/09/17 9:15 p.m. · 12 views

CVE-2024-46976

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attack...

CVSS 6.5 · EPSS 0.00185
Exploits: 0 · References: 1

OSV
added 2024/09/17 8:13 p.m. · 2 views

CVE-2024-45816 Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend

Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks...

CVSS 6.5 · AI score 6.8 · EPSS 0.00355
Exploits: 0 · References: 3

Cvelist
added 2024/09/17 8:13 p.m. · 20 views

CVE-2024-45816 Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend

Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks...

CVSS 6.5 · EPSS 0.00355
Exploits: 0 · References: 1

Vulnrichment
added 2024/09/17 8:13 p.m. · 16 views

CVE-2024-45816 Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend

Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks...

CVSS 6.5 · AI score 6.8 · EPSS 0.00355
Exploits: 0 · References: 1

Cvelist
added 2024/09/17 8:12 p.m. · 16 views

CVE-2024-46976 Circumvention of cross site scripting Protection in @backstage/plugin-techdocs-backend

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attack...

CVSS 6.5 · EPSS 0.00185
Exploits: 0 · References: 1

CVE
added 2024/09/17 8:12 p.m. · 66 views

CVE-2024-46976

CVE-2024-46976 affects the Backstage framework, specifically the @backstage/plugin-techdocs-backend. The root cause is that attacker-controlled content in the TechDocs storage buckets can inject executable scripts into TechDocs content, which then execute in a victim's browser when documentation...

CVSS 6.5 · AI score 5.9 · EPSS 0.00185
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/09/17 8:12 p.m. · 1 view

CVE-2024-46976 Circumvention of cross site scripting Protection in @backstage/plugin-techdocs-backend

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attack...

CVSS 6.5 · AI score 6.8 · EPSS 0.00185
Exploits: 0 · References: 3

Vulnrichment
added 2024/09/17 8:12 p.m. · 10 views

CVE-2024-46976 Circumvention of cross site scripting Protection in @backstage/plugin-techdocs-backend

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attack...

CVSS 6.5 · AI score 6.8 · EPSS 0.00185
Exploits: 0 · References: 1

CNNVD
added 2024/09/17 12:0 a.m. · 3 views

Backstage Security Vulnerability

Backstage is a Backstage open source application. Backstage is an open platform for building developer portals. A security vulnerability exists in versions prior to Backstage 1.10.13 that stems from the possibility of accessing the contents of an entire storage bucket when using AWS S3 or GCS...

CVSS 6.5 · AI score 6.4 · EPSS 0.00355
Exploits: 0 · References: 2

CNNVD
added 2024/09/17 12:0 a.m. · 1 view

Backstage Security Vulnerability

Backstage is a Backstage open source application. Backstage is an open platform for building developer portals. Backstage 1.10.13 security vulnerability, the vulnerability stems from the TechDocs storage bucket content controlled by an attacker, able to inject in the TechDocs content can be...

CVSS 6.5 · AI score 5.5 · EPSS 0.00185
Exploits: 0 · References: 2

Positive Technologies
added 2024/09/16 12:0 a.m. · 1 view

PT-2024-9770 · Unknown · @Backstage/Plugin-Techdocs-Backend

Name of the Vulnerable Software and Affected Versions: @backstage/plugin-techdocs-backend versions prior to 1.10.13 Description: The issue allows an attacker with control of the TechDocs storage buckets to inject executable scripts in the TechDocs content. These scripts will be executed in the...

CVSS 6.5 · AI score 6.2 · EPSS 0.00185
Exploits: 0 · References: 11

Positive Technologies
added 2024/09/09 12:0 a.m. · 2 views

PT-2024-9768 · Google +2 · Gcs +2

Name of the Vulnerable Software and Affected Versions: @backstage/plugin-techdocs-backend versions prior to 1.10.13 Description: The issue is related to the Backstage platform, an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs, it is...

CVSS 7.7 · AI score 6.7 · EPSS 0.00355
Exploits: 0 · References: 11