The Backstage backend plugin that provides the Backstage catalog
latest non vulnerable version
3 years ago
latest version published: 24 days ago
Known vulnerabilities in the @backstage/plugin-catalog-backend package. This does not include vulnerabilities belonging to this package’s dependencies.
@backstage/plugin-catalog-backend is the Backstage backend plugin that provides the Backstage catalog.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization, which allows an attacker with access to add or modify content in an instance of the Backstage software to inject a malicious script via the URLs in the entities of the catalog.
How to fix Cross-site Scripting (XSS)?