Security Advisory

CVE-2024-26150

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-23 15:46:35

Last updated 2024-08-01 23:59:32

Assigner GitHub_M

State PUBLISHED

Description

`@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. In `@backstage/backend-common` prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the `resolveSafeChildPath` utility were not exhaustive enough, leading to risk of path traversal vulnerabilities if symlinks can be injected by attackers. This issue is patched in `@backstage/backend-common` versions 0.21.1, 0.20.2, and 0.19.10.

← Browse all CVEs View on cve.org ↗