VYPR

npm package

@backstage/plugin-catalog-backend

pkg:npm/%40backstage/plugin-catalog-backend

Vulnerabilities (2)

  • CVE-2024-45815Sep 17, 2024
    affected < 1.26.0fixed 1.26.0

    Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. This has been fixed in

  • CVE-2023-25571Feb 14, 2023
    affected < 1.7.2fixed 1.7.2

    Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components` prior to 0.12.4, and `@backstage/plugin-catalog-backend` prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnera