Insecure sandbox in Backstage Scaffolder plugin
Description
Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, because the library by design allows code injection. The library used for this sandbox so far has been vm2, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows remote code execution on the scaffolder-backend instance. This was only exploitable through the template YAML definition itself, not through user input data. This vulnerability is fixed in version 1.15.0 of @backstage/plugin-scaffolder-backend.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| @backstage/plugin-scaffolder-backend (npm) | < 1.15.0 | 1.15.0 |
References
- https://github.com/advisories/GHSA-wg6p-jmpc-xjmr (advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2023-35926 (advisory)
- https://github.com/backstage/backstage/commit/fb7375507d56faedcb7bb3665480070593c8949a (fix commit)
- https://github.com/backstage/backstage/releases/tag/v1.15.0 (release)
- https://github.com/backstage/backstage/security/advisories/GHSA-wg6p-jmpc-xjmr (vendor advisory)