CNNVD-202601-3326 Information
CNNVD ID
CNNVD-202601-3326
Related CVE
- CNNVD Published: 2026-01-21
Description
Backstage is an open-source application from Backstage. Backstage is an open platform for building developer portals. Backstage versions before 0.12.2, before 0.13.2, before 0.14.1 and before 0.15.0 contain a code issue vulnerability. The vulnerability stems from the FetchUrlReader component automatically following HTTP redirects, which can bypass the URL whitelist security control and lead to server-side request forgery (SSRF) attacks.
Hazard Level
Critical
Vulnerability Type
Code issue
Affected Vendor
Backstage
Published
2026-01-21
Last Modified
2026-02-24
References
https://github.com/backstage/backstage/commit/27f9061d24affd1b9212fe0abd476bfc3fbaedcb
https://github.com/backstage/backstage/security/advisories/GHSA-q2x5-4xjx-c6p9
Patch
https://github.com/backstage/backstage/releases