VYPR

npm package

@backstage/backend-defaults

pkg:npm/%40backstage/backend-defaults

Vulnerabilities (2)

  • CVE-2026-24048LowJan 21, 2026
    affected < 0.12.2fixed 0.12.2

    Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `FetchUrlReader` component, used by the ca

  • CVE-2026-24046HigJan 21, 2026
    affected < 0.12.2fixed 0.12.2

    Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read a