“We reported this RCE vulnerability via Spotify’s bug bounty program, and the Backstage team responded rapidly by patching it in version 1.5.1,” Oxeye wrote in an advisory published earlier today.