npm package
@backstage/plugin-catalog-backend
pkg:npm/%40backstage/plugin-catalog-backend
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-45815 | — | < 1.26.0 | 1.26.0 | Sep 17, 2024 | Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in | ||
| CVE-2023-25571 | — | < 1.7.2 | 1.7.2 | Feb 14, 2023 | Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components` prior to 0.12.4, and `@backstage/plugin-catalog-backend` prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnera |
- CVE-2024-45815Sep 17, 2024affected < 1.26.0fixed 1.26.0
Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in
- CVE-2023-25571Feb 14, 2023affected < 1.7.2fixed 1.7.2
Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components` prior to 0.12.4, and `@backstage/plugin-catalog-backend` prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnera