95 matches found
Design/Logic Flaw
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In @backstage/techdocs-common versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is buil...
CVE-2021-32662 TechDocs mkdocs.yml path traversal
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In @backstage/techdocs-common versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is buil...
CVE-2021-32662
In CVE-2021-32662, the npm package @backstage/techdocs-common (versions before 0.6.3) is affected by a path traversal vulnerability via mkdocs.yml: an attacker who can modify docs_dir in the documentation source and access the TechDocs backend could read sensitive files from the build environment...
CVE-2021-32661
Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin @backstage/plugin-techdocs prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...
Design/Logic Flaw
Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin @backstage/plugin-techdocs prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...
CVE-2021-32661
CVE-2021-32661 affects Backstage’s Techdocs Plugin, prior to version 0.9.5. A malicious internal actor could upload documentation content embedding a malicious script inside an HTML element, potentially accessing sensitive data when other users view the page. The root cause is improper handling ...
CVE-2021-32661 TechDocs object element script injection
Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin @backstage/plugin-techdocs prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...
CVE-2021-32660
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of @backstage/techdocs-common prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These...
Design/Logic Flaw
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of @backstage/techdocs-common prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These...
CVE-2021-32660 TechDocs content sanitization bypass
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of @backstage/techdocs-common prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These...
CVE-2021-32660
Backstage TechDocs: In @backstage/techdocs-common versions before 0.6.4, an internal actor can upload content containing malicious scripts. The scripts bypass frontend sanitization when content is viewed via the TechDocs API, potentially exposing sensitive data if the API shares origin with the B...
Backstage code issue vulnerability
Backstage is an open platform for building developer portals, and techdocs common contains the common features of Backstage's techdocs. An unspecified vulnerability exists in Backstage. An attacker can exploit the vulnerability to access sensitive data...
Techdocs-common path traversal vulnerability
NPM Techdocs-common is a package from npm USA. A path traversal vulnerability exists in Techdocs-common, which allows an attacker to read sensitive files from the environment where TechDocs documents are built and distributed by setting a specific path to "docs_dir" in "mkdocs.yml"...