CNNVD-202601-3329 Information

CNNVD ID

CNNVD-202601-3329

Related CVE

CVE-2026-24047

• CNNVD Published: 2026-01-21

Description (Chinese)

Backstage是Backstage开源的一个应用软件。后台是一个开放的平台,用于构建开发者门户。 Backstage存在安全漏洞，该漏洞源于resolveSafeChildPath实用函数未能正确验证符号链接链和悬空符号链接，可能导致绕过路径验证。

Description (English)

Backstage is a Backstage open source application. The back desk is an open platform for building the developers ’ portal. Backstage has a security loophole, which stems from the failure of the functional function of resolveSafechildPath to correctly verify the symbol link and the staggered symbol link, which may lead to a bypass path validation.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Backstage

Published

2026-01-21

Last Modified

2026-02-24

References

https://github.com/backstage/backstage/commit/ae4dd5d1572a4f639e1a466fd982656b50f8e692 https://github.com/backstage/backstage/security/advisories/GHSA-2p49-45hj-7mc9

Patch

https://github.com/backstage/backstage/releases