VYPR

npm package

@backstage/plugin-catalog-backend-module-unprocessed

pkg:npm/%40backstage/plugin-catalog-backend-module-unprocessed

Vulnerabilities (1)

  • CVE-2026-44374MedMay 14, 2026
    affected < 0.6.11fixed 0.6.11

    Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity rec