Vulnerability Information
Vulnerability Title
TechDocs mkdocs.yml path traversal
Vulnerability Description
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for `docs_dir` in `mkdocs.yml`. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that an attacker would need access to modify the `mkdocs.yml` in the documentation source code, and would also need access to the TechDocs backend API. The vulnerability is patched in the `0.6.3` release of `@backstage/techdocs-common`.
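One way a build environment could check a `docs_dir` value before running the documentation build, as an added example that is not Backstage's patch or code from this advisory. The helper name `resolve_docs_dir` and the sample directory tree are constructed for illustration, and the value is assumed to have already been read from `mkdocs.yml`.

```python
import os
import tempfile
from pathlib import Path


def resolve_docs_dir(repo_root, docs_dir="docs"):
    """Return the real path of docs_dir; raise ValueError if it leaves repo_root.

    Hypothetical helper: docs_dir is the value already read from mkdocs.yml.
    """
    root = Path(repo_root).resolve()
    # Joining with an absolute docs_dir discards root, and resolve() collapses
    # ".." segments and follows symlinks, so all three escapes end up outside.
    candidate = (root / docs_dir).resolve()
    # Compare path components, not string prefixes: "/w/repo-secrets" starts
    # with "/w/repo" as a string but is not inside it.
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"docs_dir {docs_dir!r} resolves outside {root}")
    return candidate


def demo():
    """Run the check over constructed docs_dir values in a throwaway tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp) / "repo"
        (repo / "docs").mkdir(parents=True)
        outside = Path(tmp) / "repo-secrets"
        outside.mkdir()
        os.symlink(outside, repo / "linked")  # symlink pointing out of the repo
        samples = ["docs", "../repo-secrets", "/etc", "docs/../..", "linked"]
        for value in samples:
            try:
                resolve_docs_dir(repo, value)
                results[value] = "allowed"
            except ValueError:
                results[value] = "rejected"
    return results


if __name__ == "__main__":
    for value, verdict in demo().items():
        print(f"{value!r}: {verdict}")
```

The check belongs immediately before the build step that consumes `docs_dir`, run against the checked-out source tree, so the path that was validated is the path that gets built.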
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Improper limitation of a pathname to a restricted directory (path traversal)
Vulnerability Title
Techdocs-common path traversal vulnerability
Vulnerability Description
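NPM Techdocs-common is a software package from npm (NPM), a US company. Techdocs-common has a path traversal vulnerability: by setting a specific path for "docs_dir" in "mkdocs.yml", an attacker can read sensitive files from the environment where TechDocs documentation is built and published.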
CVSS Information
N/A
Vulnerability Type
N/A