Skip to main content

Backstage CVE-2023-35926

CRITICAL
Code Injection (CWE-94)
2023-06-22 security-advisories@github.com
9.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 22, 2023 - 14:15 nvd
CRITICAL 9.9

DescriptionNVD

Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been vm2, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data. This is vulnerability is fixed in version 1.15.0 of @backstage/plugin-scaffolder-backend.

AnalysisAI

Backstage is an open platform for building developer portals. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been vm2, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data. This is vulnerability is fixed in version 1.15.0 of @backstage/plugin-scaffolder-backend. Affected products include: Linuxfoundation Backstage. Version information: version 1.15.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2026-25153 HIGH
8.8 Jan 30

Arbitrary Python code execution in Backstage's @backstage/plugin-techdocs-node (versions < 1.13.11 and = 1.14.0) lets a

CVE-2021-43783 HIGH
8.5 Nov 29

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Rated high severity (C

CVE-2024-45816 MEDIUM
6.5 Sep 17

Backstage is an open framework for building developer portals. Rated medium severity (CVSS 6.5), this vulnerability is r

CVE-2024-45815 MEDIUM
6.5 Sep 17

Backstage is an open framework for building developer portals. Rated medium severity (CVSS 6.5), this vulnerability is r

CVE-2021-32662 MEDIUM
6.5 Jun 03

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Ba

CVE-2023-6944 MEDIUM
5.7 Jan 04

A flaw was found in the Red Hat Developer Hub (RHDH). Rated medium severity (CVSS 5.7), this vulnerability is remotely e

CVE-2024-46976 MEDIUM
5.4 Sep 17

Backstage is an open framework for building developer portals. Rated medium severity (CVSS 5.4), this vulnerability is r

CVE-2026-25152 MEDIUM
5.3 Jan 30

Backstage TechDocs plugin versions prior to 1.13.11 and 1.14.1 contain a path traversal vulnerability that allows authen

CVE-2021-41151 MEDIUM
4.9 Oct 18

Backstage is an open platform for building developer portals. Rated medium severity (CVSS 4.9), this vulnerability is re

CVE-2026-32236 LOW
1.7 Mar 12

### Impact

Share

CVE-2023-35926 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy