CVE-2024-26150

Опубликовано: 23 фев. 2024

Источник: nvd

CVSS3: 8.7

CVSS3: 7.5

EPSS Низкий

Описание

@backstage/backend-common is a common functionality library for backends for Backstage, an open platform for building developer portals. In @backstage/backend-common prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the resolveSafeChildPath utility were not exhaustive enough, leading to risk of path traversal vulnerabilities if symlinks can be injected by attackers. This issue is patched in @backstage/backend-common versions 0.21.1, 0.20.2, and 0.19.10.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:linuxfoundation:backstage_backend-common:*:*:*:*:*:node.js:*:*

Версия до 0.19.10 (исключая)

cpe:2.3:a:linuxfoundation:backstage_backend-common:*:*:*:*:*:node.js:*:*

Версия от 0.20.0 (включая) до 0.20.2 (исключая)

cpe:2.3:a:linuxfoundation:backstage_backend-common:0.21.0:*:*:*:*:node.js:*:*

EPSS

Процентиль: 59%

0.00385

Низкий

8.7 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

CVE-2024-26150

CVSS3: 5.5

redhat

почти 2 года назад

`@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. In `@backstage/backend-common` prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the `resolveSafeChildPath` utility were not exhaustive enough, leading to risk of path traversal vulnerabilities if symlinks can be injected by attackers. This issue is patched in `@backstage/backend-common` versions 0.21.1, 0.20.2, and 0.19.10.

GHSA-2fc9-xpp8-2g9h

CVSS3: 8.7

github

почти 2 года назад

`@backstage/backend-common` vulnerable to path traversal through symlinks

EPSS

Процентиль: 59%

0.00385

Низкий

8.7 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-22