CVE-2024-26150
CVSS V2 None
CVSS V3 None
Description
`@backstage/backend-common` is a library of common functionality for the backends of Backstage, an open platform for building developer portals. In `@backstage/backend-common` prior to versions 0.21.1, 0.20.2, and 0.19.10, path checks with the `resolveSafeChildPath` utility were not exhaustive enough, leading to a risk of path traversal vulnerabilities if symlinks can be injected by attackers. This issue is patched in `@backstage/backend-common` versions 0.21.1, 0.20.2, and 0.19.10.
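The class of gap described above, as an added example that is not Backstage's code or its patch: a child-path check that only normalises the path string next to one that resolves symlinks before comparing. The function names, directory layout and file contents are constructed for illustration.

```javascript
// Added example, not Backstage code. All names and the temp layout are hypothetical.
const fs = require('fs');
const os = require('os');
const path = require('path');

// True when a path.relative() result points outside the base directory.
const escapes = (rel) => rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);

// Lexical check: collapses ".." segments but never consults the filesystem.
function lexicalChildPath(base, target) {
  const resolved = path.resolve(base, target);
  if (escapes(path.relative(base, resolved))) throw new Error('outside base');
  return resolved;
}

// lstat does not follow a final symlink, so a dangling link still counts as present.
function lexists(p) {
  try { fs.lstatSync(p); return true; } catch { return false; }
}

// Symlink-aware check: resolve the real base and the deepest existing ancestor
// of the target, then compare. Components that do not exist yet are re-appended.
function realChildPath(base, target) {
  const realBase = fs.realpathSync(base);
  let existing = path.resolve(realBase, target);
  const tail = [];
  while (!lexists(existing)) {
    tail.unshift(path.basename(existing));
    existing = path.dirname(existing);
  }
  // realpathSync throws on a dangling symlink, which rejects the path as well.
  const real = path.join(fs.realpathSync(existing), ...tail);
  if (escapes(path.relative(realBase, real))) throw new Error('outside base');
  return real;
}

// Constructed layout: <tmp>/base/link is a symlink to the sibling <tmp>/outside.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'childpath-'));
  const base = path.join(root, 'base');
  fs.mkdirSync(base);
  fs.mkdirSync(path.join(root, 'outside'));
  fs.writeFileSync(path.join(root, 'outside', 'secret.txt'), 'constructed sample');
  fs.symlinkSync(path.join(root, 'outside'), path.join(base, 'link'), 'dir');
  const attempt = (fn, t) => { try { fn(base, t); return 'allowed'; } catch { return 'rejected'; } };
  const result = {
    lexicalDotDot: attempt(lexicalChildPath, '../outside/secret.txt'),
    lexicalSymlink: attempt(lexicalChildPath, 'link/secret.txt'),
    realSymlink: attempt(realChildPath, 'link/secret.txt'),
    realNewFile: attempt(realChildPath, 'docs/new.txt'),
  };
  fs.rmSync(root, { recursive: true, force: true });
  return result;
}
```

The check and the later file operation are separate steps, so a tree that can still be modified between them needs additional protection, such as keeping untrusted content out of the base directory.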
Overview
- CVE ID: CVE-2024-26150
- Assigner: GitHub_M
- Vulnerability Status: PUBLISHED
- Published Version: 2024-02-23T15:46:35.731Z
- Last Modified Date: 2024-06-04T17:48:21.482Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/backstage/backstage/security/advisories/GHSA-2fc9-xpp8-2g9h | x_refsource_CONFIRM |
https://github.com/backstage/backstage/commit/1ad2b1b61ebb430051f7d804b0cc7ebfe7922b6f | x_refsource_MISC |
https://github.com/backstage/backstage/commit/78f892b3a84d63de2ba167928f171154c447b717 | x_refsource_MISC |
https://github.com/backstage/backstage/commit/edf65d7d31e027599c2415f597d085ee84807871 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-26150 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26150 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-26 00:25:47 | Added to TrackCVE |