Lucene search
Veracode Vulnerability DatabaseVERACODE:33133HistoryNov 30, 2021 - 3:27 a.m.
Path Traversal
2021-11-3003:27:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
path traversal
vulnerability
software
user input
template manipulation
file injection
EPSS
0.001
Percentile
32.5%
@backstage/plugin-scaffolder-backend is vulnerable to path traversal. An attacker with access to a registered scaffolder template can manipulate the template by writing files to arbitrary paths on the scaffolder-backend host instance. The vulnerability can be exploited through the user input when executing a template. This method will allow the attacker to control the content of the injected file, unless the template is also crafted in a way that gives control of the file contents.
Related
osv
osv
Path Traversal in @backstage/plugin-scaffolder-backend
2021-12-01 18:28:51
CVE-2021-43783
2021-11-29 20:15:08
github
github
Path Traversal in @backstage/plugin-scaffolder-backend
2021-12-01 18:28:51
cve
cve
CVE-2021-43783
2021-11-29 20:15:08
cnvd
cnvd
backstage path traversal vulnerability
2021-12-01 00:00:00
cvelist
cvelist
CVE-2021-43783 Path Traversal in @backstage/plugin-scaffolder-backend
2021-11-29 19:20:09
prion
prion
Design/Logic Flaw
2021-11-29 20:15:00
nvd
nvd
CVE-2021-43783
2021-11-29 20:15:08