VYPR

npm package

@backstage/backend-app-api

pkg:npm/%40backstage/backend-app-api

Vulnerabilities (1)

  • CVE-2023-6944Jan 4, 2024
    affected < 0.5.9-next.1fixed 0.5.9-next.1

    A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access