CNNVD-202601-3330 Information

CNNVD ID

CNNVD-202601-3330

CVE-2026-24046

  • CNNVD Published: 2026-01-21

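Description (Chinese, translated)

Backstage is an open-source application from Backstage. Backstage is an open platform for building developer portals. Backstage has a link following vulnerability, which stems from multiple Scaffolder actions and archive extraction utilities being vulnerable to symlink-based path traversal attacks, which may lead to reading, deleting, or writing arbitrary files.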

Description (English)

Backstage is an open platform for building developer portals, published as open source by Backstage. It contains a link following vulnerability: multiple Scaffolder actions and archive extraction utilities are vulnerable to symlink-based path traversal, which may allow arbitrary files to be read, deleted, or written.

Hazard Level

Medium

Vulnerability Type

Link Following

Affected Vendor

Backstage

Published

2026-01-21

Last Modified

2026-02-24

References

https://github.com/backstage/backstage/commit/c641c147ab371a9a8a2f5f67fdb7cb9c97ef345d

https://github.com/backstage/backstage/security/advisories/GHSA-rq6q-wr2q-7pgp

Patch

https://github.com/backstage/backstage/releases
