EPSS
Percentile
44.4%
@backstage/techdocs-common is vulnerable to directory traversal. An attacker can read arbitrary system files from the environment where TechDocs documentation is built and published by setting a particular path for docs_dir in mkdocs.yml.
docs_dir
mkdocs.yml
github.com/advisories/GHSA-pgf8-28gg-vpr6
github.com/backstage/backstage/commit/8cefadca04cbf01d0394b0cb1983247e5f1d6208
github.com/backstage/backstage/releases/tag/release-2021-05-27
github.com/backstage/backstage/security/advisories/GHSA-pgf8-28gg-vpr6