Advisories for Npm/@Backstage/Cli-Common package

2026

@backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass

The resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is used to prevent path traversal attacks, failed to properly validate symlink chains and dangling symlinks. An attacker could bypass the path validation by:

Symlink chains: creating link1 → link2 → /outside, where intermediate symlinks eventually resolve outside the allowed directory.

Dangling symlinks: creating symlinks pointing to non-existent paths outside the base directory, which would later be created during file operations.

This function …