VYPR

npm package

@backstage/plugin-scaffolder-node

pkg:npm/%40backstage/plugin-scaffolder-node

Vulnerabilities (2)

  • CVE-2026-24046HigJan 21, 2026
    affected < 0.11.2fixed 0.11.2

    Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read a

  • CVE-2024-53983MedNov 29, 2024
    affected < 0.4.12fixed 0.4.12

    The Backstage Scaffolder plugin Houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection (SSTI) can be exploited to perform Git config injection. The vulne