A vulnerability, which was classified as critical, was found in backstage backend-common up to 0.19.9/0.20.1/0.21.0. This affects the function
resolveSafeChildPath
. The manipulation leads to path traversal.
This vulnerability is uniquely identified as CVE-2024-26150. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.