Backstage (https://backstage.io/), the open source internal developer portal created by Spotify (https://thenewstack.io/how-spotlify-adopted-platform-engineering-culture/), has been adopted by American Airlines, Fidelity Investments, Netflix, VMware (https://tanzu.vmware.com?utm_content=inline-mention) and other enterprises. In mid-February, the vulnerability CVE-2023-25571 (https://nvd.nist.gov/vuln/detail/CVE-2023-25571) was disclosed in the Backstage (https://thenewstack.io/spotifys-backstage-a-strategic-guide/) Software Catalog, which could allow an attacker to inject malicious code into the application. The vulnerability is caused by insufficient input validation of user-supplied data, specifically in the search functionality of the catalog.
As a result, an attacker can inject malicious scripts into the page that will execute in the browser of anyone who visits the affected page.
This can prevent attackers from executing malicious scripts or injecting malicious code into a page.