CVE-2024-26150 | backstage backend-common up to 0.19.9/0.20.1/0.21.0 resolveSafeChildPath path traversal (GHSA-2fc9-xpp8-2g9h)

Inserito da Angelo Barbosa | Feb 23, 2024 | CVE

A vulnerability, which was classified as critical, was found in backstage backend-common up to 0.19.9/0.20.1/0.21.0. This affects the function resolveSafeChildPath. The manipulation leads to path traversal.

This vulnerability is uniquely identified as CVE-2024-26150. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-26150 | backstage backend-common up to 0.19.9/0.20.1/0.21.0 resolveSafeChildPath path traversal (GHSA-2fc9-xpp8-2g9h)

Post correlati

CVE-2024-51252 | Draytek Vigor 3900 1.5.1.3 mainfunction.cgi restore command injection

CVE-2024-2848 | Responsive Plugin up to 5.0.2 on WordPress cross site scripting

CVE-2024-37428 | Themesgrove WidgetKit Plugin up to 2.5.0 on WordPress cross site scripting

CVE-2024-3686 | DedeCMS 5.7.112-UTF8 update_guide.php files path traversal