@backstage/catalog-model@0.1.1-alpha.12 vulnerabilities
Types and validators that help describe the model of a Backstage Catalog
-
latest version
1.7.1
-
latest non vulnerable version
-
first published
4 years ago
-
latest version published
6 days ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @backstage/catalog-model package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@backstage/catalog-model is a Types and validators that help describe the model of a Backstage Catalog Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization, which allows an attacker with access to add or modify content in an instance of the backstage software to inject a malicious script via the URLs in the entities of the catalog. How to fix Cross-site Scripting (XSS)? Upgrade |
>=0.1.1-alpha.9 <1.2.0
|