Linux Foundation Backstage Catalog Model


By the Year

In 2024 there have been 0 vulnerabilities in Linux Foundation Backstage Catalog Model. Last year Backstage Catalog Model had 1 security vulnerability published. Right now, Backstage Catalog Model is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 5.40
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Backstage Catalog Model vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Linux Foundation Backstage Catalog Model Security Vulnerabilities

Backstage is an open platform for building developer portals

CVE-2023-25571 5.4 - Medium - February 14, 2023

Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components` prior to 0.12.4, and `@backstage/plugin-catalog-backend` prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerability allows a malicious actor with access to add or modify content in an instance of the Backstage software catalog to inject script URLs in the entities stored in the catalog. If users of the catalog then click on said URLs, that can lead to an XSS attack. This vulnerability has been patched in both the frontend and backend implementations. The default `Link` component from `@backstage/core-components` version 1.2.0 and greater will now reject `javascript:` URLs, and there is a global override of `window.open` to do the same. In addition, the catalog model v0.12.4 and greater as well as the catalog backend v1.7.2 and greater now have additional validation built in that prevents `javascript:` URLs in known annotations. As a workaround, the general practice of limiting access to modifying catalog content and requiring code reviews greatly helps mitigate this vulnerability.

XSS
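The fix described above comes down to one defensive check applied in two places: the frontend `Link` component refuses to render `javascript:` hrefs, and the catalog backend refuses to store entities whose URL-bearing annotations carry such a scheme. The following is an added example of that check, written for this page and not taken from Backstage's own code. It uses the WHATWG `URL` parser (the global `URL` in browsers and Node) with a scheme allow-list rather than a `javascript:` deny-list, so case changes, leading whitespace, and embedded tab or newline characters that the parser normalises away are all caught. The annotation names checked and the sample entity are assumptions constructed for the illustration.

```javascript
// Added example (not Backstage project code): allow-list URL validation for
// catalog entity fields, the kind of check the advisory describes.

// Only these schemes are acceptable for a clickable catalog link.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:"]);
// Base used solely to resolve relative hrefs such as "/catalog/default/component/foo".
const RELATIVE_BASE = "https://relative.invalid/";

// Returns true when `href` resolves to an allow-listed scheme.
// The URL parser strips leading/trailing C0 controls and spaces and removes
// ASCII tab/newline anywhere in the input, so obfuscated forms such as
// " JaVaScRiPt:..." or "java\tscript:..." normalise to protocol "javascript:"
// and fail the allow-list check. Unparseable input is rejected, not passed through.
function isSafeHref(href) {
  if (typeof href !== "string") return false;
  let parsed;
  try {
    parsed = new URL(href, RELATIVE_BASE);
  } catch {
    return false;
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol);
}

// Annotations whose values are URLs and therefore need the same check.
// Names assumed for illustration; a real deployment would use its own list.
const URL_ANNOTATIONS = ["backstage.io/view-url", "backstage.io/edit-url"];

// Validate every URL-bearing field of an entity. Returns a list of problems,
// empty when the entity is acceptable, so a backend processor can reject it
// before it is stored and a UI can refuse to render the offending link.
function validateEntityUrls(entity) {
  const problems = [];
  const metadata = (entity && entity.metadata) || {};
  const annotations = metadata.annotations || {};
  for (const name of URL_ANNOTATIONS) {
    if (name in annotations && !isSafeHref(annotations[name])) {
      problems.push(`annotation ${name} has a disallowed URL: ${JSON.stringify(annotations[name])}`);
    }
  }
  const links = metadata.links || [];
  links.forEach((link, i) => {
    if (!isSafeHref(link && link.url)) {
      problems.push(`metadata.links[${i}].url has a disallowed URL: ${JSON.stringify(link && link.url)}`);
    }
  });
  return problems;
}

// Constructed sample entity (not from any real catalog): one good annotation,
// one obfuscated javascript: annotation, one relative link, one tab-obfuscated link.
const sampleEntity = {
  apiVersion: "backstage.io/v1alpha1",
  kind: "Component",
  metadata: {
    name: "example-service",
    annotations: {
      "backstage.io/view-url": "https://example.com/repo",
      "backstage.io/edit-url": " JavaScript:alert(document.cookie)",
    },
    links: [
      { url: "/catalog/default/component/other", title: "relative, acceptable" },
      { url: "java\tscript:alert(1)", title: "tab-obfuscated, rejected" },
    ],
  },
};

// Expected: two problems, one for the edit-url annotation and one for links[1].
console.log(validateEntityUrls(sampleEntity));
```

The allow-list shape matters: a deny-list that only compares against the literal string `javascript:` misses the normalised variants the parser accepts, whereas requiring `http:`, `https:` or `mailto:` rejects `data:`, `vbscript:` and anything else by default. Running the same function in both the backend processor and the frontend link component gives defence in depth, which is what the advisory's two-sided patch achieves.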
