References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, where unexpectedly ignoring the visibility defined in configuration schema. This occurred even if the configuration schema specified that they should have backend or secret visibility. This was an intended feature of the APP_CONFIG_* way of supplying configuration, but now clearly goes against the expected behavior of t

GitHub, Inc. AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

GitHub, Inc. CWE-440

GitHub, Inc. https://github.com/backstage/backstage/commit/323e6129073c5cb4cc106a1239eaec31a129554f [No types assigned]

GitHub, Inc. https://github.com/backstage/backstage/security/advisories/GHSA-qc4v-xq2m-65wc [No types assigned]