Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-35926

Good to know:

icon
icon

Date: June 22, 2023

Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been "vm2", but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data. This is vulnerability is fixed in version 1.15.0 of "@backstage/plugin-scaffolder-backend".

Language: TYPE_SCRIPT

Severity Score

Related Resources (6)

https://github.com/backstage/backstage
https://github.com/backstage/backstage/commit/fb7375507d56faedcb7bb3665480070593c8949a
https://github.com/backstage/backstage/security/advisories/GHSA-wg6p-jmpc-xjmr
https://github.com/backstage/backstage/releases/tag/v1.15.0
https://nvd.nist.gov/vuln/detail/CVE-2023-35926
https://www.mend.io/vulnerability-database/CVE-2023-35926

Severity Score

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Top Fix

icon

Upgrade Version

Upgrade to version @backstage/plugin-scaffolder-backend - 1.15.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us