CVSS3: 8.7 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
AI Score: 6.7 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 15.7%)
@backstage/backend-common is vulnerable to Path Traversal. The vulnerability is due to improper path checks in the resolveSafeChildPath() function within paths.ts. Attackers could exploit this weakness to conduct path traversal attacks if they can inject symlink paths.
github.com/backstage/backstage/commit/1ad2b1b61ebb430051f7d804b0cc7ebfe7922b6f
github.com/backstage/backstage/commit/78f892b3a84d63de2ba167928f171154c447b717
github.com/backstage/backstage/commit/edf65d7d31e027599c2415f597d085ee84807871
github.com/backstage/backstage/security/advisories/GHSA-2fc9-xpp8-2g9h